Abstract


It is impossible to add a combinator to PCF to achieve full abstraction for models such as Berry's stable domains in a way analogous to the addition of the "parallel-or" combinator that achieves full abstraction for the familiar cpo model. In particular, we define a general notion of rewriting system of the kind used for evaluating simply typed λ-terms in Scott's PCF. Any simply typed λ-calculus with such a "PCF-like" rewriting semantics is shown necessarily to satisfy Milner's Context Lemma. A simple argument demonstrates that any denotational semantics that is adequate for PCF, and in which certain simple Boolean functionals exist, cannot be fully abstract for any extension of PCF satisfying the Context Lemma. An immediate corollary is that stable domains cannot be fully abstract for any extension of PCF definable by PCF-like rules.

Keywords:  Stable  functions,  full  abstraction,  context  lemma,  PCF,  standardization. 
AMS(MOS)  subject  classifications:  03B40  68N15  68Q40  68Q50  68Q55 


1  Introduction 


A paradigmatic example of a functional programming language is PCF, Scott's simply typed λ-calculus for recursive functions on the integers [32]. Many categories of denotational meaning are known to adequately reflect the computational behavior of PCF in a precise technical sense, namely, a PCF term evaluates to the numeral $\bar n$ iff it means the integer $n$. But typically there are pairs of terms with distinct meanings that nevertheless are computationally indistinguishable in PCF. For example, with the semantics based on cpo's, PCF must be extended with a "parallel-or" combinator in order to express enough computations to be fully abstract, i.e., for semantical distinctions and computational distinctions between terms to coincide [31, 30].

The  problem  of  characterizing  a  fully  abstract  model  of  unextended  PCF  remains  open 
after  nearly  two  decades,  cf.  [27,  8,  28,  36].  Efforts  to  construct  spaces  of  “sequential” 
functions  corresponding  to  those  definable  in  the  original  PCF  without  parallelism  have 
led  to  the  discovery  of  a  number  of  new  domains  suitable  for  denotational  semantics. 
Although  none  are  fully  abstract  for  PCF,  one  motivation  for  the  development  of  spaces 
such  as  the  stable  functions,  bistable  functions,  sequential  algorithms  [5,  4,  8,  7,  15],  and 
most  recently  the  strongly  stable  functions  [13]  was  that  they  captured  various  aspects 
of  sequentiality  and  so  seemed  “closer”  to  full  abstraction  for  unextended  PCF  than  the 
popular  cpo  model. 

The stable function model in particular has a simple definition and attractive category-theoretic properties. Its only apparent technical peculiarity is that stable domains of functions are not partially ordered pointwise; in general, the stable ordering strictly refines the pointwise ordering. Nevertheless, just as for the cpo model, the elements of stable domains of type $\sigma \to \tau$ are actually total functions from elements of type $\sigma$ to elements of type $\tau$. Likewise, there is a natural notion of finite and effective elements of stable domains, and these domains yield an adequate least fixed-point model for PCF. Further, they form a Cartesian Closed Category with solutions for domain equations [5]. This category was also independently discovered and used in constructing a model of polymorphic λ-calculus [16]. So the stable domains seem to offer a setting for a theory of higher-order recursive computation with many of the attractions of the cpo category.

However, one important result about cpo's is not known for stable domains, namely, full abstraction with respect to some extension of PCF analogous to the parallel-or extension which Plotkin and Sazonov provided for the cpo model. What might a symbolic evaluator for an extended PCF look like if it was well matched (fully abstract) with the stable model? We conclude that such an evaluator will have to be unusual looking: it cannot be specified by the kind of term-rewriting based evaluation rules known for PCF and its extensions.

The significance of this negative result hinges heavily on how drastic we judge it to go beyond the scope of PCF-like rules. It is of course possible that some operational behavior that we declare to be non-PCF-like, in our technical sense, will nevertheless offer a useful extension of PCF for which stable domains are fully abstract. For example, Bloom [10] provides such an extension for complete lattice models, though he goes on to criticize the rather complex algorithmic specification of the combinators in his extension. (The general benefits of structured approaches to operational semantics and connections to full abstraction are discussed in [26, 11].)

To illustrate the generality of our notion of PCF-like rules, we note that the standard extensions of PCF by parallel-or and existential combinators are easily seen to be PCF-like. For example, we can define an evaluator for Plotkin's $\exists$ constant [30] while remaining within a term rewriting discipline, as follows. Let $p : \iota \to o$ be an "integer predicate" variable, and use the rules:

$$\exists p \to \mathrm{cond}\;(p\,\bar n)\;tt\;\Omega \qquad \text{for each numeral } \bar n,$$

$$\exists p \to \mathrm{cond}\;(p\,\Omega)\;\Omega\;ff.$$

The resulting PCF-like language no longer has a confluent rewriting system, though it remains single-valued, viz., every term rewrites to at most one numeral. In general, our PCF-like rules need not even be single-valued.

A substantial technical contribution of this paper is a simple, modest restriction on the format of rewrite rules which is sufficient to guarantee Milner's Context Lemma [27] for languages defined by such rules. Informally, this "Approximation" Context Lemma requires that if two phrases $M, N$ of the same syntactic functional type yield visibly distinct computational outcomes when used in some language context, then there are actual parameters of appropriate argument type such that $M$ and $N$, each simply applied to these arguments, yield visibly distinct computational outcomes. This property, more perspicuously dubbed operational extensionality by Bloom [9, 10], has been identified by many authors as technically significant in program semantics [37, 29, 24, 1, 18, 2, 35]. The key to the proof of the Context Lemma is a new Standard Reduction Theorem 25 for PCF-like rewrite systems.

Our work borrows much from Bloom [9, 10]. The second author raised the question of whether there is a "reasonable" extension of PCF that would yield a fully abstract evaluator for lattice models [33, 34]. In answering this question, Bloom emphasized how the Context Lemma and full abstraction were incompatible with single-valued evaluators for the lattice model. He also characterized a general class of consistent rewrite rules that ensured the soundness of the Context Lemma. However, in order to encompass the computational behavior of the $\exists$ combinator, Bloom needed to develop an auxiliary notion of "observation calculi".

Our PCF-like rules are, in an appropriate sense, as powerful as Bloom's observation calculi, and strictly subsume the class of consistent rules. In particular, consistent rules are necessarily confluent and hence single-valued; as Bloom remarks [9], introducing a join combinator with simple multiple-valued rewrite rules yields a PCF extension both fully abstract for the lattice model and also satisfying the Context Lemma. Our wish to simplify Bloom's criteria while dealing with nonconfluent rewriting systems forced us, however, to a rather elaborate theory of standard reductions.

As  an  aside,  we  also  point  out  that  it  is  questionable  whether  the  (bi)stable  and  similar 
domains  are  closer  to  full  abstraction  for  PCF.  In  particular,  although  some  operationally 
valid  equations  that  fail  in  the  cpo  model  do  hold,  for  example,  in  the  stable  model,  we 
note  in  Corollary  15  that  the  converse  also  happens:  some  equations  that  hold  in  the  cpo 
model  fail  in  the  stable  model.  The  cpo,  stable  and  likewise  the  bistable  models  thus 
offer  information  about  the  operational  behavior  of  PCF  terms  that  is  not  apparently 
comparable,  and  it  is  hard  to  see  how  to  judge  which  is  a  more  accurate  model. 

The  outline  of  our  argument  is  as  follows:  in  Section  2  we  formulate  the  key  concepts 
of  observational  approximation,  adequacy,  and  full  abstraction  in  a  fairly  general  setting. 
Then  in  Section  3,  Theorem  14,  we  give  a  short  proof  that  any  denotational  semantics 
that  is  adequate  for  PCF,  and  in  which  a  certain  simple  Boolean  functional  exists,  cannot 
be  fully  abstract  for  extensions  of  PCF  satisfying  the  Context  Lemma.  The  Boolean 
functional  is  obviously  not  continuous  in  Scott’s  sense,  but  it  is  stably  continuous,  and 
so  does  appear  in  the  stable  model.  We  also  formulate  a  Comparability  Context  Lemma 
which  applies  to  the  bistable  domains.  Section  4  gives  our  general  notion  of  term  rewriting 
systems  of  the  kind  used  for  symbolic  evaluation  of  PCF  terms.  Then  in  Section  5,  we 
show  that  any  such  system  defines  an  observational  approximation  relation  that  must 
satisfy  the  Context  Lemma  [27].  An  immediate  corollary  is  Theorem  30  that  there  is 
no  extension  of  PCF  defined  by  PCF-like  rewriting  rules  for  which  the  stable  domain 
semantics  is  fully  abstract.  A  similar  result  for  the  bistable  domains  is  announced  but 
not  proved. 


2  Adequacy  and  Full  Abstraction 

Concepts concerning program behavior, such as observational congruence, adequacy, and full abstraction, can usefully be defined in a general setting consisting of:

• an arbitrary set $\mathcal{L}$, called a language, whose elements, $M, N, \dots$, are called terms;

• partial operators $C[\cdot]$ on terms called contexts; and

• an arbitrary set $\mathcal{O}$, called a notion of observation, whose elements are predicates on terms called observations. When an observation is true of a term, the term is said to yield the observation.

We will work with languages whose operational behavior is specified by (possibly nondeterministic) symbolic evaluation of terms, so we further assume a binary relation, "evaluates to", on terms. For such languages, $\mathcal{O}_{\mathrm{eval}}$ captures the familiar notion of observing the final output of an evaluation:

$$\mathcal{O}_{\mathrm{eval}} = \{\, \text{``evaluates to } O\text{''} \mid O \text{ is an output term} \,\}.$$

Here the output terms are those terms regarded as observable "output values". These typically include the ground constants (integers, truth values, ...); λ-abstractions and finite lists of output values might also be included.

There are other notions of observation based on evaluation. For instance, $\mathcal{O}_{\mathrm{lazy}}$ consists of the single predicate true of exactly those terms whose evaluation can terminate. And notions of observation can be based on semantics of terms, e.g.,

$$\mathcal{O}_{\mathrm{int}} = \{\, \text{``has the meaning of } O\text{''} \mid O \text{ is an output term} \,\}.$$

In this paper, however, we will be mainly concerned with $\mathcal{O}_{\mathrm{eval}}$.

Any  notion  of  observation  induces  a  preordering  on  terms  called  observational  approx¬ 
imation.  Intuitively,  one  term  approximates  another  if,  according  to  the  chosen  notion  of 
observation,  the  approximated  term  exhibits  at  least  as  much  observable  behavior  when 
used  in  any  program  as  the  approximating  term. 

Definition 1 Let $\mathcal{L}$ be a language with a notion of observation $\mathcal{O}$. A term $M$ observationally approximates a term $N$, written $M \sqsubseteq_{\mathrm{obs}} N$, if for all contexts $C[\cdot]$, whenever $C[M]$ is a term yielding an observation from $\mathcal{O}$, then $C[N]$ is a term yielding it as well. $M$ and $N$ are observationally congruent, written $M \equiv_{\mathrm{obs}} N$, iff $M \sqsubseteq_{\mathrm{obs}} N$ and $N \sqsubseteq_{\mathrm{obs}} M$.

Observational  approximation  provides  precise  meaning  for  questions  such  as,  “Does 
my  code  meet  a  specification?”  or  “Will  my  new  implementation  of  a  module  change  the 
behavior  of  the  program?” 

In  languages  like  PCF  with  applicative  syntax  and  a  suitable  notion  of  closed  terms, 
analysis  of  observational  approximation  can  be  simplified  by  appealing  to  a  Context 
Lemma: 

Definition 2 Let $\mathcal{L}$ be a language with a notion of observation $\mathcal{O}$. We say a term $M$ applicatively approximates a term $N$, written $M \sqsubseteq_{\mathrm{app}} N$, iff for all vectors of closed terms $\vec P$, whenever $M\vec P$ is a term yielding an observation, $N\vec P$ is a term yielding it as well. The Approximation Context Lemma¹ holds if for all closed terms $M$ and $N$,

$$M \sqsubseteq_{\mathrm{app}} N \quad\text{iff}\quad M \sqsubseteq_{\mathrm{obs}} N.$$

A fundamental result of Milner [27] is that under $\mathcal{O}_{\mathrm{eval}}$ with numerals taken as the output terms, PCF itself, as well as its extension with parallel-or, satisfies the Approximation Context Lemma. We will see later that the Approximation Context Lemma holds for all languages defined in a "PCF-like" operational discipline, including, of course, PCF and its familiar extensions.

One method for proving observational approximations is by developing an abstract meaning $[\![M]\!]$ of a term $M$ that is adequate to determine its observations.

¹In particular when $\mathcal{O}$ is $\mathcal{O}_{\mathrm{eval}}$, Bloom [9] calls this "operational extensionality" while Milner [27] uses simply "the Context Lemma". We use the more descriptive "Approximation Context Lemma" because we will later consider Context Lemmas that are not based on approximation.
Definition 3 A meaning function for a language $\mathcal{L}$ is a function $[\![\cdot]\!]$ from terms $M$ to values $[\![M]\!]$ in some set, partially ordered by a relation $\sqsubseteq$. A meaning function is compositional iff for all terms $M, N$ and contexts $C[\cdot]$, if $[\![M]\!] \sqsubseteq [\![N]\!]$ and $C[M]$ is a term, then $C[N]$ is a term and $[\![C[M]]\!] \sqsubseteq [\![C[N]]\!]$.

A meaning function is adequate² for a notion of observation $\mathcal{O}$ iff for all terms $M, N$ and all observations $obs \in \mathcal{O}$,

$$([\![M]\!] \sqsubseteq [\![N]\!] \text{ and } obs(M)) \text{ implies } obs(N).$$

Adequacy  and  compositionality  guarantee  that  the  meanings  accurately  predict  ob¬ 
servational  approximation. 

Lemma 4 A compositional meaning function $[\![\cdot]\!]$ is adequate for a notion of observation iff for all terms $M$ and $N$,

$$[\![M]\!] \sqsubseteq [\![N]\!] \text{ implies } M \sqsubseteq_{\mathrm{obs}} N.$$

The  ordering  on  adequate  meanings  may  be  strictly  finer  than  observational  approx¬ 
imation.  In  the  ideal  situation,  known  as  full  abstraction,  the  two  orderings  coincide: 

Definition 5 Let $[\![\cdot]\!]$ be a meaning function for a language $\mathcal{L}$ with a notion of observation $\mathcal{O}$. We say $[\![\cdot]\!]$ is approximation fully abstract³ if for all terms $M$ and $N$,

$$[\![M]\!] \sqsubseteq [\![N]\!] \quad\text{iff}\quad M \sqsubseteq_{\mathrm{obs}} N.$$

It is equationally fully abstract if for all $M$ and $N$,

$$[\![M]\!] = [\![N]\!] \quad\text{iff}\quad M \equiv_{\mathrm{obs}} N.$$

Approximation full abstraction trivially implies adequacy for compositional meaning functions. Assuming that each output term evaluates to itself, it follows immediately that if $[\![\cdot]\!]$ is adequate for $\mathcal{O}_{\mathrm{eval}}$ and $[\![O]\!] \sqsubseteq [\![M]\!]$, then $M$ evaluates to $O$, for any output term $O$. If, in addition, the meaning function is sound for the evaluator, we easily obtain a familiar (cf. [26]) alternate characterization of adequacy:

Definition 6 A meaning function $[\![\cdot]\!]$ is sound for an "evaluates to" relation if for all terms $M$ and $N$,

$$M \text{ evaluates to } N \text{ implies } [\![M]\!] = [\![N]\!].$$


²As with the Context Lemma, we might more descriptively call this "approximation adequate"; but we will use only the version of adequacy based on approximation, and call it simply adequacy for brevity.
³Stoughton [36] calls this "inequationally fully abstract".
Lemma 7 A sound, compositional meaning function $[\![\cdot]\!]$ is adequate for $\mathcal{O}_{\mathrm{eval}}$ iff

$$[\![O]\!] = [\![M]\!] \quad\text{iff}\quad M \text{ evaluates to } O,$$

for all terms $M$ and output terms $O$.

This  paper  focuses  specifically  on  the  language  PCF  and  its  extensions.  The  precise 
(usual)  definitions  of  PCF  syntax  and  semantics  appear  in  Appendix  A,  and  we  provide 
only  a  quick  review  here. 

PCF is a simply typed λ-calculus with Boolean and natural number ground types, numerals $\bar n$ for $n \geq 0$, Boolean constants $tt$ and $ff$, and simple arithmetic, recursion, and conditional operators. The evaluation relation $\twoheadrightarrow$ of the language is given by term rewriting rules.

Definition 8 An extension of PCF is a simply typed language together with a set of rewrite rules. The types, typed constants, and rewrite rules of the extension must include those of PCF. The extension is conservative iff for all PCF terms $M$, and all terms $N$ in the extension,

$$M \twoheadrightarrow_{\mathrm{extended}} N \quad\text{iff}\quad M \twoheadrightarrow_{\mathrm{PCF}} N.$$

Observational congruence, adequacy, etc., for PCF and its extensions will be defined with respect to $\mathcal{O}_{\mathrm{eval}}$, where we take the rewriting relation $\twoheadrightarrow$ as the "evaluates to" relation, and the output terms are the ground constants $tt$, $ff$, and $\bar n$ for $n \geq 0$.

The results of the next section, which examines full abstraction for models of extensions of PCF, require that we prove facts about the meanings of terms while knowing very little about the extensions or the models. We will only have adequacy, conservativity, and a few other assumptions to work with. The following lemma shows that this gives us enough to reason about the unextended terms of the language.

Lemma 9 If a model is adequate for a conservative extension of PCF, then it is also adequate for PCF.

Proof: Suppose a model $[\![\cdot]\!]$ is adequate for a conservative extension of PCF, and $[\![M]\!] \sqsubseteq [\![N]\!]$ for some PCF terms $M, N$. All models are compositional, so $[\![C[M]]\!] \sqsubseteq [\![C[N]]\!]$ for any PCF context $C[\cdot]$. So for any ground PCF constant $c$, if $C[M] \twoheadrightarrow_{\mathrm{extended}} c$, then $C[N] \twoheadrightarrow_{\mathrm{extended}} c$ by adequacy. And then by conservativity, if $C[M] \twoheadrightarrow_{\mathrm{PCF}} c$ then $C[N] \twoheadrightarrow_{\mathrm{PCF}} c$. Hence, $M \sqsubseteq_{\mathrm{obs}} N$. ■

We will further require that our models be sound, and that the ground types $o$ and $\iota$ be interpreted as the flat cpos $\{tt, ff\}_\bot$ and $\{0, 1, \dots\}_\bot$, with the standard interpretation of $tt$, $ff$, and the numerals $\bar n$. Such models will be called models with Booleans (though they are indeed also models with integers). Two models with Booleans of particular interest are the cpo model $\mathcal{C}[\![\cdot]\!]$ and the stable model $\mathcal{S}[\![\cdot]\!]$. Both models are adequate but not fully abstract for PCF.

The  additional  information  about  the  ground  types  of  models  with  Booleans  is  in  fact 
enough  to  determine  the  meanings  of  ground  PCF  terms. 

Lemma  10  The  meaning  of  any  closed  PCF  term  of  ground  type  is  the  same  in  all 
models  with  Booleans  that  are  adequate  for  PCF. 

Proof: Let $M$ be a closed PCF term of type $o$ (the case $M : \iota$ is similar). In PCF, exactly one of the following holds: (1) $M \twoheadrightarrow_{\mathrm{PCF}} tt$; (2) $M \twoheadrightarrow_{\mathrm{PCF}} ff$; or (3) neither (1) nor (2) holds. And by Lemma 7, $M \twoheadrightarrow_{\mathrm{PCF}} tt$ iff $[\![M]\!] = [\![tt]\!] = tt$ for any model with Booleans $[\![\cdot]\!]$ adequate for PCF. Similarly, cases (2) and (3) imply $[\![M]\!] = ff$ and $[\![M]\!] = \bot$ respectively. ■

Thus  we  can  use  any  particular  adequate  model  with  Booleans,  like  the  familiar  cpo 
model,  to  discover  the  meaning  of  ground  PCF  terms  for  arbitrary  adequate  models  with 
Booleans.  We  have  less  to  say  about  terms  of  higher  type.  But  the  following  notions  are 
useful: 

Definition 11 Let $\tau$ be a first-order type, that is, a type of the form $\sigma_1 \to \cdots \to \sigma_n$, where $\sigma_j$ is a ground type for $1 \le j \le n$. Let $[\![\cdot]\!]_i$ for $i = 1, 2$ be type frames such that $\sqsubseteq_1$ on $[\![\sigma_j]\!]_1$ equals $\sqsubseteq_2$ on $[\![\sigma_j]\!]_2$, and let $f_i \in [\![\tau]\!]_i$. Then $f_1$ pointwise approximates $f_2$, written $f_1 \sqsubseteq_{\mathrm{pnt}} f_2$, iff for all $d_j \in [\![\sigma_j]\!]_1$,

$$f_1(d_1)\cdots(d_{n-1}) \;\sqsubseteq_1\; f_2(d_1)\cdots(d_{n-1}).$$

It follows immediately from Lemma 10 that the functions that are the meanings of a PCF term of first-order type agree pointwise in all models with Booleans that are adequate for PCF. So we can use the meaning of a first-order PCF term in some particular model to reason about its meaning in any adequate model with Booleans.

However, pointwise equality is not quite the same as equality of functions. For example, consider the conditional constant $\mathrm{cond}_o : o \to o \to o \to o$. Now $\mathcal{S}[\![\mathrm{cond}_o]\!] =_{\mathrm{pnt}} \mathcal{C}[\![\mathrm{cond}_o]\!]$. But the stable domain does not contain parallel-or, so the stable and cpo meanings of $o \to o \to o$ are different. Thus, $\mathcal{S}[\![\mathrm{cond}_o]\!] \neq \mathcal{C}[\![\mathrm{cond}_o]\!]$ since the two functions have different codomains.

Nevertheless,  it  follows  immediately  from  the  definitions  that  pointwise  approximation 
has  the  following  useful  property: 

Lemma 12 Let $[\![\cdot]\!]$ be a model with Booleans that is adequate for PCF, and let $M$ and $N$ be closed PCF terms of first-order type. Then

$$[\![M]\!] \sqsubseteq_{\mathrm{pnt}} [\![N]\!] \quad\text{implies}\quad M \sqsubseteq_{\mathrm{app}} N.$$

3  Failures  of  Full  Abstraction 

Our  first  theorem  hinges  on  the  presence  of  certain  simple  functionals  over  the  Booleans. 


Definition 13 Let True be the constant $tt$ function on the flat Booleans, and True! be the strict constant $tt$ function. A true-separator is a function $f$ satisfying

$$f(\mathrm{True}) = tt, \qquad f(\mathrm{True!}) = ff.$$

Theorem 14 Let $[\![\cdot]\!]$ be a model with Booleans that is adequate for some conservative extension of PCF satisfying the Approximation Context Lemma. If $[\![\cdot]\!]$ contains a true-separator, it is not equationally fully abstract.

Proof: Define the terms

$$\mathrm{True} \stackrel{\mathrm{def}}{=} \lambda x.\,tt, \qquad \mathrm{True!} \stackrel{\mathrm{def}}{=} \lambda x.\,\mathrm{cond}\;x\;tt\;tt.$$

By the definition of model with Booleans, we have $[\![\mathrm{True}]\!] = \mathrm{True}$. And by Lemma 10, $[\![\mathrm{cond}]\!] =_{\mathrm{pnt}} \mathcal{C}[\![\mathrm{cond}]\!]$, so by definition of model with Booleans, we have $[\![\mathrm{True!}]\!] = \mathrm{True!}$. Then $\mathrm{True!} \sqsubseteq_{\mathrm{app}} \mathrm{True}$ by Lemmas 9 and 12. So by the Approximation Context Lemma, $\mathrm{True!} \sqsubseteq_{\mathrm{obs}} \mathrm{True}$.

We conclude that there is no term $P$ defining a true-separator; otherwise True! and True yield distinct observations in the context $(P\,[\cdot])$, contradicting the fact that $\mathrm{True!} \sqsubseteq_{\mathrm{obs}} \mathrm{True}$.

However, we can define a true-separator detector, $D$, as follows:

$$D \stackrel{\mathrm{def}}{=} \lambda x.\,\mathrm{cond}\;(x\,\mathrm{True})\;(\mathrm{cond}\;(x\,\mathrm{True!})\;\Omega^o\;tt)\;\Omega^o,$$

where $\Omega^o$ is the divergent term $Y_o(\lambda x^o.\,x)$. By Lemma 10, $[\![\Omega^o]\!] = \mathcal{C}[\![\Omega^o]\!] = \bot$, and so

$$[\![D]\!](f) = \begin{cases} tt & \text{if } f \text{ is a true-separator,} \\ \bot & \text{otherwise.} \end{cases}$$

Now $[\![\lambda x.\Omega^o]\!]$ is the constant $\bot$ function, so $[\![D]\!] \neq [\![\lambda x.\Omega^o]\!]$, since they differ exactly on arguments that are true-separators. But since true-separators are not definable by terms, $D$ and $\lambda x.\Omega^o$ are applicatively congruent. Then by the Approximation Context Lemma, they are observationally congruent, contradicting equational full abstraction. ■


Corollary 15 If a stable function model with Booleans is adequate for a conservative extension of PCF that satisfies the Approximation Context Lemma, then the model is not equationally fully abstract.

Proof: Every stable function model with Booleans contains a true-separator truesep, defined as follows:

$$\mathrm{truesep}(g) = \begin{cases} tt & \text{if } g = \mathrm{True}, \\ ff & \text{if } g = \mathrm{True!}, \\ \bot & \text{otherwise.} \end{cases}$$

■

Corollary 16 The PCF equations valid in the stable model do not include those valid in the cpo model.

Proof: Just note that $\mathcal{C}[\![D]\!] = \mathcal{C}[\![\lambda x.\Omega^o]\!]$, but $\mathcal{S}[\![D]\!] \neq \mathcal{S}[\![\lambda x.\Omega^o]\!]$. ■

Our proof of Corollary 15 of course takes advantage of the notable fact that the stable ordering of functions differs from the pointwise ordering, e.g., the pair of functions True and True! are ordered pointwise but are stable-incomparable. In fact, the first few lines of the proof of Theorem 14 already show that inequational full abstraction is incompatible with the Approximation Context Lemma for any model in which True and True! are incomparable; the rest of the proof justifies the stronger conclusion that equational full abstraction fails as well.

We remark that the authors of [13] have informed us that their strongly stable models are adequate models with Booleans for PCF, and that truesep is strongly stable, so Corollaries 15 and 16 hold for strongly stable models.
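Because the monotone functions $o \to o$ on the flat Booleans are finite, the claims above about True, True! and truesep can be checked by exhaustive enumeration. The following Python program is an added illustration and not part of the paper: it encodes the flat Booleans, the pointwise and Berry's stable orderings on functions $o \to o$ (the latter as $f \sqsubseteq_{\mathrm{s}} g$ iff $f \sqsubseteq g$ pointwise and $f(x) = f(y) \sqcap g(x)$ whenever $x \sqsubseteq y$), the functionals True, True!, truesep and the detector $D$ from the proof of Theorem 14, and confirms that True! $\sqsubseteq$ True pointwise but the two are stable-incomparable, that truesep is not pointwise-monotone (so it is absent from the cpo model) yet is monotone for the stable ordering, and that $D$ yields $tt$ on truesep and $\bot$ on $\lambda x.\Omega^o$. The table representation of functions and all Python names are the example's own choices.

```python
"""Flat Booleans, pointwise vs. stable ordering, and the true-separator.

Added illustration (not taken from the paper): functions o -> o over the flat
Boolean domain are stored as tables, so the orderings and functionals of
Section 3 can be checked by exhaustive enumeration.
"""
from itertools import product

BOT, TT, FF = "bot", "tt", "ff"
FLAT = (BOT, TT, FF)  # the flat cpo {tt, ff}_bot


def flat_le(a, b):
    """Approximation order on a flat domain: bot is below everything."""
    return a == BOT or a == b


def flat_meet(a, b):
    """Binary meet in a flat domain."""
    return a if a == b else BOT


def table(at_bot, at_tt, at_ff):
    """A function o -> o as an immutable table (hashable, comparable by ==)."""
    return ((BOT, at_bot), (TT, at_tt), (FF, at_ff))


def app(f, x):
    return dict(f)[x]


def pointwise_le(f, g):
    return all(flat_le(app(f, x), app(g, x)) for x in FLAT)


def stable_le(f, g):
    """Berry's stable ordering: f <= g pointwise and f(x) = f(y) meet g(x) for x <= y."""
    return pointwise_le(f, g) and all(
        app(f, x) == flat_meet(app(f, y), app(g, x))
        for x in FLAT for y in FLAT if flat_le(x, y))


def monotone_fns():
    """All monotone functions o -> o; there are 11 of them."""
    fns = []
    for vals in product(FLAT, repeat=3):
        f = table(*vals)
        if all(flat_le(app(f, x), app(f, y))
               for x in FLAT for y in FLAT if flat_le(x, y)):
            fns.append(f)
    return fns


# Definition 13: the constant tt function and its strict variant.
TRUE = table(TT, TT, TT)          # lambda x. tt
TRUE_STRICT = table(BOT, TT, TT)  # lambda x. cond x tt tt, written True! in the paper


def truesep(g):
    """The true-separator of Corollary 15."""
    if g == TRUE:
        return TT
    if g == TRUE_STRICT:
        return FF
    return BOT


def is_monotone_functional(F, fn_le):
    """Is F : (o -> o) -> o monotone when functions are ordered by fn_le?"""
    fns = monotone_fns()
    return all(flat_le(F(f), F(g)) for f in fns for g in fns if fn_le(f, g))


def cond(b, then_thunk, else_thunk):
    """PCF cond on flat Booleans; branches are thunks so Omega is never forced."""
    if b == TT:
        return then_thunk()
    if b == FF:
        return else_thunk()
    return BOT


def detector(F):
    """D = lambda x. cond (x True) (cond (x True!) Omega tt) Omega, from Theorem 14."""
    return cond(F(TRUE),
                lambda: cond(F(TRUE_STRICT), lambda: BOT, lambda: TT),
                lambda: BOT)


def bottom_functional(g):
    """lambda x. Omega: the constantly-bot functional."""
    return BOT


if __name__ == "__main__":
    print("True! <=pnt True:", pointwise_le(TRUE_STRICT, TRUE))
    print("True! <=stable True:", stable_le(TRUE_STRICT, TRUE))
    print("truesep pointwise-monotone:", is_monotone_functional(truesep, pointwise_le))
    print("truesep stable-monotone:", is_monotone_functional(truesep, stable_le))
    print("D(truesep) =", detector(truesep), "; D(lambda x.Omega) =", detector(bottom_functional))
```

The stable-monotonicity check passes precisely because nothing other than True! sits stably below True!: the only pointwise upper bound of True! besides itself is True, and the pair fails the meet condition at $x = \bot$, $y = tt$. The same failure is what makes truesep violate pointwise monotonicity, since $ff = \mathrm{truesep}(\mathrm{True!}) \not\sqsubseteq \mathrm{truesep}(\mathrm{True}) = tt$.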

Berry realized that altering the pointwise ordering of functions caused difficulties, and he proposed from the start an additional bistable model which combines stability with the pointwise ordering. Since the counterexample of Corollary 15 relies on the non-pointwise stable ordering, it does not apply to the bistable model.

There  is,  however,  an  interesting  counterexample  to  the  full  abstraction  of  the  bistable 
model  that  provides  a  starting  point  for  extending  our  results.  The  counterexample, 
noted  in  [15],  has  its  roots  in  the  fundamental  motivation  behind  stable  models,  viz.,  to 
eliminate  elements  like  parallel-or.  Consider  the  following  definition: 

Definition 17 Let lor be the or-function that is strict in its left argument, and ror be the or-function that is strict in its right argument. An or-separator is a function $f$ satisfying

$$f(\mathrm{lor}) = tt, \qquad f(\mathrm{ror}) = ff.$$

The  cpo  model  contains  a  parallel-or  function  which  bounds  the  left-  and  right-strict 
or-functions,  and  thus,  by  monotonicity,  cannot  contain  an  or-separator.  Since  the  cpo 
model  is  adequate  for  PCF,  an  or-separator  is  not  definable  in  PCF.  On  the  other  hand, 
the  stable  and  bistable  models  do  not  contain  parallel-or,  and  in  fact,  both  contain  or- 
separators. 
Thus in extending the results to the bistable model, one might try to use an or-separator in the role played by the true-separator in the stable case. Since neither lor nor ror applicatively approximates the other, an argument based on the Approximation Context Lemma will not work; but a similar argument based on a notion of observational comparability does apply:

Definition 18 Let $\mathcal{L}$ be a language with a notion of observation $\mathcal{O}$. Terms $M$ and $N$ are directly comparable provided the set of observations yielded by $M$ is setwise comparable to that yielded by $N$. The terms are observationally comparable, written $M \sim_{\mathrm{obs}} N$, if for all contexts $C[\cdot]$, the terms $C[M]$ and $C[N]$ are directly comparable. They are applicatively comparable, written $M \sim_{\mathrm{app}} N$, if for all vectors $\vec P$ of closed terms, $M\vec P$ and $N\vec P$ are directly comparable. $\mathcal{L}$ with $\mathcal{O}$ is said to satisfy the Comparability Context Lemma if for all closed terms $M$ and $N$,

$$M \sim_{\mathrm{app}} N \quad\text{iff}\quad M \sim_{\mathrm{obs}} N.$$

Theorem 19 Let $[\![\cdot]\!]$ be a model with Booleans that is adequate for some conservative extension of PCF satisfying the Comparability and Approximation Context Lemmas. If $[\![\cdot]\!]$ contains an or-separator, it is not equationally fully abstract.

Proof: Consider the terms

$$\mathrm{lor} \stackrel{\mathrm{def}}{=} \lambda xy.\,\mathrm{cond}\;x\;tt\;(\mathrm{cond}\;y\;tt\;ff), \qquad \mathrm{ror} \stackrel{\mathrm{def}}{=} \lambda xy.\,\mathrm{cond}\;y\;tt\;(\mathrm{cond}\;x\;tt\;ff).$$

By Lemmas 9, 10 and 12, we have $[\![\mathrm{lor}]\!] = \mathrm{lor}$, $[\![\mathrm{ror}]\!] = \mathrm{ror}$, and $\mathrm{lor} \sim_{\mathrm{app}} \mathrm{ror}$. So by the Comparability Context Lemma, $\mathrm{lor} \sim_{\mathrm{obs}} \mathrm{ror}$.

We conclude that there is no term $P$ defining an or-separator; otherwise lor and ror yield distinct observations in the context $(P\,[\cdot])$, contradicting the fact that $\mathrm{lor} \sim_{\mathrm{obs}} \mathrm{ror}$. However, we can define an or-separator detector as follows:

$$D \stackrel{\mathrm{def}}{=} \lambda x.\,\mathrm{cond}\;(x\,\mathrm{lor})\;(\mathrm{cond}\;(x\,\mathrm{ror})\;\Omega^o\;tt)\;\Omega^o.$$

By Lemma 10,

$$[\![D]\!](f) = \begin{cases} tt & \text{if } f \text{ is an or-separator,} \\ \bot & \text{otherwise.} \end{cases}$$

Now $[\![D]\!] \neq [\![\lambda x.\Omega^o]\!]$, since they differ exactly on arguments that are or-separators. But since or-separators are not definable by terms, $D$ and $\lambda x.\Omega^o$ are applicatively congruent. Then by the Approximation Context Lemma, they are observationally congruent, contradicting equational full abstraction. ■
Corollary 20 If a bistable model with Booleans is adequate for a conservative extension of PCF that satisfies the Comparability and Approximation Context Lemmas, then the model is not equationally fully abstract.

Proof: Every bistable model with Booleans contains an or-separator orsep, defined as follows:

$$\mathrm{orsep}(g) = \begin{cases} tt & \text{if } g = \mathrm{lor}, \\ ff & \text{if } g = \mathrm{ror}, \\ \bot & \text{otherwise.} \end{cases}$$

■

Corollary 21 ([21]) The PCF equations valid in the bistable model do not include those valid in the cpo model.

Proof: Just note that $\mathcal{C}[\![D]\!] = \mathcal{C}[\![\lambda x.\Omega^o]\!]$, but $\mathcal{B}[\![D]\!] \neq \mathcal{B}[\![\lambda x.\Omega^o]\!]$, where $\mathcal{B}[\![\cdot]\!]$ is the bistable model of [5]. ■

The PCF-like languages, defined in the next section, do not satisfy the Comparability Context Lemma. In fact, an or-separator constant can be defined through the following PCF-like rules:

$$\mathrm{orsep}(f) \to \mathrm{cond}\;(f\;tt\;\Omega^o)\;(\mathrm{cond}\;(f\;ff\;tt)\;(\mathrm{cond}\;(f\;ff\;ff)\;\Omega^o\;tt)\;\Omega^o)\;\Omega^o,$$

$$\mathrm{orsep}(f) \to \mathrm{cond}\;(f\;\Omega^o\;tt)\;(\mathrm{cond}\;(f\;tt\;ff)\;(\mathrm{cond}\;(f\;ff\;ff)\;\Omega^o\;ff)\;\Omega^o)\;\Omega^o.$$

(In each rule the innermost conditional tests $f\;ff\;ff$, which is $ff$ for any or-function, so the output constant sits in its $ff$ branch; the first rule yields $tt$ exactly when $f$ behaves like lor on its three probes, the second yields $ff$ exactly when $f$ behaves like ror.)
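To see what the two rules compute, here is an added Python illustration (not from the paper) that evaluates both right-hand sides denotationally, reading $\Omega^o$ as $\bot$ and letting $f$ range over a few first-order functions on the flat Booleans. The innermost conditional is taken as $\mathrm{cond}\;(f\;ff\;ff)\;\Omega^o\;tt$ (resp. $ff$), so that an argument with $f\;ff\;ff = ff$ selects the output constant. Besides lor and ror, the parallel-or function por of the cpo model and two non-or-like functions are included to show that the pair of rules yields nothing on arguments that are not or-functions and becomes multiple-valued on por, which is the cpo-model element that is not PCF-definable. The Python function names are the example's own.

```python
"""The or-separator rules of Section 3, evaluated on the flat Booleans.

Added illustration (not from the paper). Omega is read as bot, and a binary
function f on the flat Booleans is any Python callable on (bot, tt, ff) values.
"""
BOT, TT, FF = "bot", "tt", "ff"


def cond(b, then_val, else_val):
    """PCF cond at ground type o. Branches are plain values here (Omega is the
    value bot), so evaluating both eagerly is harmless."""
    if b == TT:
        return then_val
    if b == FF:
        return else_val
    return BOT


def lor(x, y):
    """lambda x y. cond x tt (cond y tt ff): or, strict in its left argument."""
    return cond(x, TT, cond(y, TT, FF))


def ror(x, y):
    """lambda x y. cond y tt (cond x tt ff): or, strict in its right argument."""
    return cond(y, TT, cond(x, TT, FF))


def por(x, y):
    """Parallel-or of the cpo model; not PCF-definable, bounds lor and ror."""
    if TT in (x, y):
        return TT
    if x == FF and y == FF:
        return FF
    return BOT


def const_tt(x, y):
    """lambda x y. tt: passes the first two probes but not f ff ff = ff."""
    return TT


def land(x, y):
    """Left-strict and, for contrast: f tt Omega already diverges."""
    return cond(x, cond(y, TT, FF), FF)


def orsep_rule1(f):
    """orsep(f) -> cond (f tt Omega) (cond (f ff tt) (cond (f ff ff) Omega tt) Omega) Omega"""
    return cond(f(TT, BOT),
                cond(f(FF, TT),
                     cond(f(FF, FF), BOT, TT),
                     BOT),
                BOT)


def orsep_rule2(f):
    """orsep(f) -> cond (f Omega tt) (cond (f tt ff) (cond (f ff ff) Omega ff) Omega) Omega"""
    return cond(f(BOT, TT),
                cond(f(TT, FF),
                     cond(f(FF, FF), BOT, FF),
                     BOT),
                BOT)


def orsep_results(f):
    """Ground constants reachable from orsep(f) by either rule (bot = no output)."""
    return {r for r in (orsep_rule1(f), orsep_rule2(f)) if r != BOT}


if __name__ == "__main__":
    for name, f in [("lor", lor), ("ror", ror), ("por", por),
                    ("const_tt", const_tt), ("land", land)]:
        print(f"orsep({name}) can rewrite to: {sorted(orsep_results(f)) or 'nothing'}")
```

On lor only the first rule produces a constant and on ror only the second, because the first probe of each rule applies $f$ to $\Omega^o$ in the argument where the other function is strict. On por both rules fire, giving two different numerals; this does not make the extended language multiple-valued, since por is not a term, but it shows why nothing in the PCF-like format rules out multiple-valuedness.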

Thus we will have to restrict the class of rules we consider if we wish to apply Theorem 19. The consistent rules of Bloom [10] are an important, natural candidate for the restricted class. We do not know whether the Comparability Context Lemma holds for them. However, we can prove that an or-separator is not definable in consistent systems by a method involving a notion of comparability based on logical relations, as we indicate at the end of the next section.


4  PCF-like  rewrite  systems 

Symbolic  evaluators  for  PCF  terms  are  often  presented  as  term  rewriting  systems.  In  this 
section,  we  give  the  basic  definitions  for  such  systems,  and  give  our  criteria  for  calling 
such  a  system  “PCF-like”.  Our  evaluator  for  PCF  is  given  in  Appendix  A. 

A rewrite rule is a pair l → r of terms of the same type, such that the free variables
of the right-hand side r are included in those of the left-hand side l.  We write M →_{A,π} N
if for some subterm A of M, A → A' is an instance of the rule π, and N is obtained
from M by replacing A with A'.  We will omit A or π as convenient.

Since all of our languages are simply typed λ-calculi, we will always include β-reduction
in the rewrite rules of the language.  Additionally, we may specify some set Θ of δ-rules
defining the behavior of the constants.  Together, Θ and β define the rewriting relation
→_{Θ,β} on the language L.  We omit Θ and β when they can be recovered from context.

The δ-rules of PCF have a particularly simple form:

Definition 22  A linear ground δ-rule is a rewrite rule of the form

    δ m_1 m_2 ⋯ m_n → P,

where each m_i is either a ground constant c_i or a variable x_i.  The variables x_i must
be distinct.  A PCF-like rewrite system is a language L together with a set Θ of linear
ground δ-rules on the constants of L.

Note that this definition of "PCF-like" is meant to be generous.  In particular, although
the system for pure, unextended PCF is both single-valued (every term reduces to at most
one constant) and confluent, PCF-like systems in general may be multiple-valued and
nonconfluent.

An interesting example of a multiple-valued PCF-like system arises in [9].  There,
Bloom defines an extension of PCF that is both fully abstract and denotationally universal
for the lattice model of PCF.  The key to the construction amounts to the addition of
operators ⊤ : o and join : o → o → o with rules

    join x y → x,
    join x y → y,
    join n_1 n_2 → ⊤,    n_1 ≠ n_2,
    ⊤ → n,    n ≥ 0.

Nonconfluent but single-valued systems are also of interest.  For example, [30] extends
parallel PCF by an existential operator, ∃ : (ι → o) → o, to achieve a language that is
fully abstract and denotationally universal for the cpo model.  There, ∃ is defined by the
deductive rules

      p n ↠ tt            p Ω ↠ ff
    -------------       -------------
      ∃p → tt             ∃p → ff

where ↠ is the reflexive transitive closure of →.  The resulting language is indeed confluent,
but goes beyond mere term rewriting.  Because he wanted to be able to specify constants
like ∃, Bloom [10] introduced observation calculi as a definition of "PCF-like" deductive
rules.

But note that if we give up confluence, it is possible to define an ∃ constant while
remaining in a term rewriting discipline.  One such definition was given in the introduction;
we provide here a second implementation, which uses the parallel-or combinator por.

    ∃p → por (p 0) (∃(λx.p(succ x))),
    ∃p → cond (p Ω) tt ff.

This kind of rewriting is more straightforward, but actually as powerful as the deductive
discipline.

Since PCF-like systems are not confluent in general, we will not be able to use confluence
in our proof of the Context Lemma.  Instead we will rely on a standardization theorem,
which states that if a term M rewrites to a term N, then there is a "standard" reduction
from M to N.  Thus we only need consider these standard reductions in our proof.

Typically, the standard reductions are a class of reductions with a particularly nice
structure.  For instance, in the pure, typed λ-calculus, a standard reduction is one in
which redexes are contracted from left to right.

The definition of standard reductions in PCF-like rewrite systems is more complicated
because they admit the upwards creation of redexes, cf. [19].  However, there is a simple
inductive characterization of those standard reductions that end at a ground constant.
This will be sufficient to follow the proof of the Context Lemma given in the next section,
so we defer the general definition of standard reductions, and the proof of the
Standardization Theorem, to Appendix C.

Before defining the standard reductions to ground constants, we introduce some useful
notation.  Consider the set of indices

    { i | m_i is a constant c_i in rule θ : δ m → P }.

These indices identify what we call the critical arguments of θ, since the rule θ applies
to a term δ Q iff Q_i = c_i for i in the set.  For expository purposes it will be convenient to
separate the critical and non-critical arguments of a constant δ (relative to some linear
ground δ-rule θ).

Notation 23  Let θ : δ m → P be a linear ground δ-rule with j critical arguments and k
non-critical arguments.  Then for vectors A = A_1 ⋯ A_j and B = B_1 ⋯ B_k, we let

    δ_θ(A, B) = δ Q,

where Q is the interleaving of A and B such that the A_i's appear at the critical indices
of Q.  We drop the subscript θ when it can be recovered from context.

Note that we do not require that δ Q be an instance of δ m; we will want to use the δ(·, ·)
notation on terms that we anticipate becoming θ-redexes over the course of a reduction.

In this notation, we write linear ground δ-rules as

    θ : δ(c, x) → P

or even

    θ : δ(c, x) → P(x)

when we wish to make the dependence of P on x explicit.

Definition 24  The standard reductions to ground constants in a PCF-like rewrite system
are defined inductively as follows.  We will write M ↠_s c for a standard reduction of a
term M to a ground constant c.

•  If c is a ground constant, then the 0-step reduction c ↠_s c is standard.

•  If M_1, M_2, …, M_n are terms, and c is a ground constant, then a reduction

       (λx.M_1) M_2 M_3 ⋯ M_n  →_β  M_1[x := M_2] M_3 ⋯ M_n  ↠_s  c

   is standard.

•  If C_1, C_2, …, C_n, D, E are terms, and c, c_1, c_2, …, c_n are ground constants, then a
   reduction of the following form is standard:

       σ_1 :  δ_θ(C_1 C_2 ⋯ C_n, D) E        ↠   δ_θ(c_1 C_2 ⋯ C_n, D) E
       σ_2 :  δ_θ(c_1 C_2 ⋯ C_n, D) E        ↠   δ_θ(c_1 c_2 ⋯ C_n, D) E
         ⋮
       σ_n :  δ_θ(c_1 ⋯ c_{n-1} C_n, D) E    ↠   δ_θ(c_1 c_2 ⋯ c_n, D) E
                                            →_θ  P_θ(D) E
                                            ↠_s  c,

   where for 1 ≤ i ≤ n, the subreduction σ_i consists of a standard reduction from the
   subterm C_i to the ground constant c_i.

Theorem 25 (Standardization)  For any PCF-like rewrite system, if M ↠ N, then
there is a standard reduction M ↠_s N.
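To make Definition 22, the join and ∃ examples above, and Definition 24 concrete, here is a small evaluator added for this edition; it is not the paper's own evaluator nor Bloom's or Plotkin's system. It stores linear ground δ-rules with their critical positions marked, and implements the standard reductions to ground constants of Definition 24 as a search that returns every ground constant reachable from a term (several in a multiple-valued system). The constructed rule set covers succ, zero?, cond, por, Bloom's two choice rules for join (the ⊤ rules are left out), and the por-based ∃ of the text. The names (values, fire, por, join, exists), the rule encoding, the treatment of Ω as a rule-less constant, and the fuel bound are assumptions of this illustration.

```python
"""A small PCF-like rewrite system (Definition 22), run by the standard reductions to
ground constants of Definition 24.  Added illustration, not the paper's evaluator."""
from dataclasses import dataclass
from functools import lru_cache
from typing import Dict, List, Tuple, Union
@dataclass(frozen=True)
class Const: name: str
@dataclass(frozen=True)
class Var: name: str
@dataclass(frozen=True)
class App: fun: "Term"; arg: "Term"
@dataclass(frozen=True)
class Lam: var: str; body: "Term"
Term = Union[Const, Var, App, Lam]
# Omega is assumed to be a rule-less ground constant, standing in for the diverging Omega^o.
TT, FF, OMEGA = Const("tt"), Const("ff"), Const("Omega")

def app(f: Term, *args: Term) -> Term:  # left-associated application f a1 ... an
    for a in args:
        f = App(f, a)
    return f

def spine(t: Term) -> Tuple[Term, List[Term]]:  # t = h a1 ... an  ->  (h, [a1, ..., an])
    args: List[Term] = []
    while isinstance(t, App):
        args.append(t.arg)
        t = t.fun
    return t, args[::-1]

def subst(t: Term, x: str, s: Term) -> Term:
    """t[x := s]; only closed s is substituted here, so variable capture cannot arise."""
    if isinstance(t, Var):
        return s if t.name == x else t
    if isinstance(t, App):
        return App(subst(t.fun, x, s), subst(t.arg, x, s))
    if isinstance(t, Lam) and t.var != x:
        return Lam(t.var, subst(t.body, x, s))
    return t

# A linear ground delta-rule  delta m1 ... mn -> P(x)  is stored as (pattern, rhs): entries
# ("c", pred) mark critical arguments (pred accepts a ground constant's name), ("x", name)
# bind variables; rhs builds P from the matched constants and the bindings.
RULES: Dict[str, list] = {}
def rule(head: str, pattern, rhs) -> None: RULES.setdefault(head, []).append((pattern, rhs))
def C(pred): return ("c", pred)
def X(name): return ("x", name)
def is_bool(c: str) -> bool: return c in ("tt", "ff")

rule("succ", [C(str.isdigit)], lambda cs, e: Const(str(int(cs[0]) + 1)))
rule("zero?", [C(str.isdigit)], lambda cs, e: TT if cs[0] == "0" else FF)
rule("cond", [C(is_bool), X("y"), X("z")], lambda cs, e: e["y"] if cs[0] == "tt" else e["z"])
# por (parallel-or): either argument may be the critical one, so neither is strict.
rule("por", [C("tt".__eq__), X("y")], lambda cs, e: TT)
rule("por", [X("y"), C("tt".__eq__)], lambda cs, e: TT)
rule("por", [C("ff".__eq__), C("ff".__eq__)], lambda cs, e: FF)
# Bloom's join, keeping only its two choice rules (the top-element rules are omitted).
rule("join", [X("x"), X("y")], lambda cs, e: e["x"])
rule("join", [X("x"), X("y")], lambda cs, e: e["y"])
# The por-based existential of the text: two overlapping rules, nonconfluent but single-valued.
EXISTS = Const("exists")
rule("exists", [X("p")], lambda cs, e: app(Const("por"), app(e["p"], Const("0")),
     app(EXISTS, Lam("v", app(e["p"], app(Const("succ"), Var("v")))))))
rule("exists", [X("p")], lambda cs, e: app(Const("cond"), app(e["p"], OMEGA), TT, FF))

@lru_cache(maxsize=None)
def values(t: Term, fuel: int = 40) -> frozenset:
    """Ground constants c with a standard reduction t ->>_s c (Definition 24): a 0-step
    reduction at a ground constant, a head beta-step, or a head delta-step whose critical
    arguments are reduced first, left to right.  fuel bounds the search depth."""
    if fuel <= 0:
        return frozenset()
    head, args = spine(t)
    if isinstance(head, Const) and (head.name in ("tt", "ff") or head.name.isdigit()):
        return frozenset({head.name}) if not args else frozenset()
    if isinstance(head, Lam) and args:
        return values(app(subst(head.body, head.var, args[0]), *args[1:]), fuel - 1)
    if isinstance(head, Const):
        out: set = set()
        for pattern, rhs in RULES.get(head.name, []):
            if len(args) >= len(pattern):
                out |= fire(pattern, rhs, args, fuel - 1)
        return frozenset(out)
    return frozenset()  # variable head, or a rule-less constant such as Omega: stuck

def fire(pattern, rhs, args: List[Term], fuel: int) -> set:
    """Reduce each critical argument (left to right) by a standard subreduction to a
    constant the pattern accepts, then continue from P(x) and the remaining arguments."""
    out: set = set()
    def go(i: int, consts: List[str], env: Dict[str, Term]) -> None:
        if i == len(pattern):
            out.update(values(app(rhs(consts, env), *args[len(pattern):]), fuel))
            return
        kind, spec = pattern[i]
        if kind == "x":
            go(i + 1, consts, {**env, spec: args[i]})
        else:
            for c in values(args[i], fuel):
                if spec(c):
                    go(i + 1, consts + [c], env)
    go(0, [], {})
    return out
```

With these rules, `values(app(Const("join"), Const("1"), Const("2")))` returns both numerals, which is the multiple-valuedness of Bloom's system, while `values(app(EXISTS, p))` for a closed predicate p returns at most one Boolean even though two rules overlap at the root; `values(app(Const("por"), OMEGA, TT))` shows that por reaches tt without ever reducing Ω, whereas `cond Ω tt tt` is stuck because cond's first argument is critical.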

Note that if we require our rules to be non-overlapping, then they are a special case
of orthogonal rewrite systems, for which both confluence and standardization have been
known for some time [19].  Similarly, confluence and standardization have been known for
the systems of Bloom [10], which restrict our systems by allowing only so-called consistent
overlaps at the root.  However, it is not clear whether ∃ can be defined in such systems,
and we certainly lose the ability to define interesting non-confluent systems, such as PCF
extended with join.
5  The Context Lemma

Once standardization is known, the Context Lemma can be proved by a straightforward
adaptation of Bloom's proof for his observation calculi [10].  First we recall the following
basic facts about substitutions.

Lemma 26 (Substitution Lemma)  If x ≠ y and y ∉ FV(L), then

    M[x := L][y := N[x := L]] = M[y := N][x := L].

Lemma 27  If x ∉ FV(P), then

    P[y := N[x := M]] = (P[y := N])[x := M].

The Context Lemma will follow immediately from this next result.

Lemma 28  Suppose C is a ground term, c is a ground constant, M and N are closed
terms of the same type, and M ⊑_app N.  If C[x := M] ↠ c, then C[x := N] ↠ c.

Proof:  By Standardization, C[x := M] ↠_s c.  We show C[x := N] ↠ c by induction on
the length of the reduction C[x := M] ↠_s c.

1.  The only reduction C[x := M] ↠_s c of length zero is c ↠_s c.  Then one of the
    following holds:

    (a)  C = c.  Then clearly C[x := N] = c ↠ c.

    (b)  C = x and M = c.  Here C[x := N] = N ↠ c because M ⊑_app N.

For the induction, we consider subcases on the form of C.

2.  C = (λy.C_1) C_2 ⋯ C_n.  Assume x ≠ y (the case x = y is similar).  Since M is closed,
    we have

        C[x := M] = (λy.(C_1[x := M])) C_2[x := M] ⋯ C_n[x := M].

    Then the reduction C[x := M] ↠_s c is of the form

        C[x := M]  =   (λy.(C_1[x := M])) C_2[x := M] ⋯ C_n[x := M]
                  →_β  (C_1[x := M])[y := C_2[x := M]] C_3[x := M] ⋯ C_n[x := M]
                  ↠_s  c.

    By the Substitution Lemma,

        (C_1[x := M])[y := C_2[x := M]] = (C_1[y := C_2])[x := M],

    so our reduction can be rewritten

        C[x := M]  =   ((λy.C_1) C_2 ⋯ C_n)[x := M]
                  →_β  ((C_1[y := C_2]) C_3 ⋯ C_n)[x := M]
                  ↠_s  c.

    Now by β-reduction, the fact that N is closed, and the Substitution Lemma,

        C[x := N]  =   ((λy.C_1) C_2 ⋯ C_n)[x := N]
                  →_β  ((C_1[y := C_2]) C_3 ⋯ C_n)[x := N].

    And by induction,

        ((C_1[y := C_2]) C_3 ⋯ C_n)[x := N] ↠ c.

    Thus we have a reduction C[x := N] ↠ c as desired.

3.  C = δ C_1 ⋯ C_n.  Then the reduction C[x := M] ↠_s c must contract the head δ by
    some rule θ : δ(d, y) → P(y) (where each d_j is a ground constant).  Accordingly,
    we rewrite C as

        C = δ_θ(D, E) F,

    with D, E, F vectors of terms.  Then the reduction C[x := M] ↠_s c is of the form

        C[x := M]  =   δ_θ(D[x := M], E[x := M]) F[x := M]
                  ↠    δ_θ(d, E[x := M]) F[x := M]
                  →_θ  P(E[x := M]) F[x := M]
                  ↠_s  c,

    where each D_i[x := M] ↠_s d_i in turn.  By Lemma 27,

        P(E[x := M]) = P(E)[x := M],

    so the reduction can be rewritten

        C[x := M]  =   (δ_θ(D, E) F)[x := M]
                  ↠    (δ_θ(d, E) F)[x := M]
                  →_θ  (P(E) F)[x := M]
                  ↠_s  c.

    Again by Lemma 27,

        P(E[x := N]) F[x := N] = (P(E) F)[x := N].

    And by induction, (P(E) F)[x := N] ↠ c, and D_i[x := N] ↠ d_i.  Thus we have
    found a reduction

        C[x := N]  =   (δ_θ(D, E) F)[x := N]
                  ↠    (δ_θ(d, E) F)[x := N]
                  →_θ  (P(E) F)[x := N]
                  ↠    c.

4.  C = x C_1 ⋯ C_n.  Then consider the term

        C' = M C_1 ⋯ C_n.

    Note that C[x := M] = C'[x := M], so C'[x := M] ↠ c.  Moreover C' must be of
    a form considered in the two previous cases, and so by the previous argument we
    conclude C'[x := N] ↠ c.  Now consider the applicative context

        C''[·] = [·] C_1[x := N] ⋯ C_n[x := N].

    Since C''[M] = C'[x := N], we have C''[M] ↠ c.  Finally, M ⊑_app N implies
    C''[N] ↠ c; and

        C''[N]  =  N C_1[x := N] ⋯ C_n[x := N]
                =  C[x := N],

    so C[x := N] ↠ c.

Note that we need not consider the case C = y C_1 ⋯ C_n, where y ≠ x, since then
C[x := M] can never reduce to a ground constant.  ■

Theorem 29 (Approximation Context Lemma)  In any PCF-like rewrite system,

    M ⊑_obs N  iff  M ⊑_app N

for all closed terms M and N.

Proof:

(⇒)  Trivial.

(⇐)  It is sufficient to show the following: for all ground contexts C[·] and ground
constants c, if C[M] ↠ c, then C[N] ↠ c.

Remember that the action of placing a term into the "holes" of a context differs from
substitution only in that free variables of the term can be captured.  But M and N are
closed, with no free variables to capture; so for any context C[·],

    C[M] = (C[x])[x := M],  and  C[N] = (C[x])[x := N],

where x is a fresh variable.  So by Lemma 28, if C[M] ↠ c, then C[N] ↠ c as well.  ■

We now have immediately from Corollary 15:

Theorem 30  Every stable function model with Booleans that is adequate for a conservative
extension of PCF defined by PCF-like rewrite rules is not equationally fully abstract.

We remark that a simple sufficient condition to ensure that an extension of PCF
by PCF-like rules is conservative is that δ-rules whose left-hand sides involve no new
(non-PCF) constants must be exactly the rules of PCF.

Because we are unable to prove a Comparability Context Lemma for consistent PCF-like
rewrite rules, Corollary 20 cannot be applied.  Nevertheless, our analysis of comparability
can be extended to show:

Theorem 31  Every bistable model with Booleans that is adequate for a conservative
extension of PCF defined by consistent PCF-like rewrite rules is not equationally fully
abstract.

This will be proved in a forthcoming paper.


6  Conclusions  and  Future  Work 

We have extended the metatheory of term rewriting semantics for simply typed λ-calculi
and have shown that certain denotational models, in particular those based on stable and
strongly stable domains, cannot be fully abstract for such operational semantics.  Our
proof exploits the lack of order-extensionality in these domains, but an extension of our
results to certain order-extensional domains such as the bistable domains is possible and
will be the subject of a forthcoming paper.

The category of sequential algorithms [6] is technically not a model in our sense,
but is like the stable model in that it is a Cartesian Closed Category with partially
ordered function objects that are not pointwise ordered.  We believe that with some
minor modifications our results will apply to it as well.  (This claim stands in apparent
contradiction to the results of [6], which shows that the language CDS, based on concrete
data structures [22], is fully abstract for the sequential algorithm model.  However, it
seems questionable to us to call a language such as CDS "PCF-like", since it does not
have λ-abstraction or even variables.)

We conjecture that our methods and results will extend to untyped versions of PCF-like
languages.  Extensions to lazy and call-by-value languages also seem plausible, though
with more difficulties, since higher order terms now yield observations and the notion of
lazy model is more technical.

A particular open problem that we have not yet resolved is the case when the definition
of model with Booleans is relaxed to allow "extra" Boolean elements, e.g., if the Boolean
type is interpreted as {tt, ff, error}_⊥.  Finally, although we are able to show the failures
of some order-extensional models, like the bistable models, the extensional embedding
methods of [12] offer a more sophisticated way to restore order-extensionality which, for
example, guarantees that the theory of the extensionally embedded models includes that
of cpo's.  We do not know whether these models can avoid the kind of failure of full
abstraction that we have identified.

How  great  a  failing  of,  for  example,  the  stable  domains,  is  lack  of  full  abstraction? 
The  category  of  stable  domains  is  mathematically  rich  and  offers  a  plausible  formulation 
of  higher-order  effective  computability.  We  have  shown  that  stable  computability  cannot 
be  captured  precisely  in  the  familiar  rewriting  style  of  operational  semantics  which  works 
for  the  cpo  or  even  the  lattice  models.  But  as  we  observed  in  the  introduction,  the  failures 
of  full  abstraction  we  have  shown  might  be  avoidable  by  some  other  attractive,  as  yet 
undeveloped,  operational  semantics.  Such  an  operational  semantics  would  be  interesting 
to  see;  and  indeed,  some  recent  work  of  Cartwright  and  Felleisen  [14]  suggests  a  fruitful 
development  in  this  direction. 
A  PCF

Because we will work with both PCF and its extensions, we give the general definitions
for simply typed λ-calculi.  A language is parameterized by its ground types and typed
constants; for instance, PCF's ground types are the Booleans o and the numerals ι, and
its constants are listed in Figure 1.

The set of types of the language is the least set containing the ground types and
(σ → τ) for types σ and τ.  The set of first-order types is the least set containing the
ground types and (σ → τ) for ground types σ and first-order types τ.

The typed terms of the language are defined inductively:

•  A constant δ^σ is a term of type σ.

•  A variable x^σ is a term of type σ.

•  If M is a term of type (σ → τ) and N is a term of type σ, then (MN) is a term of
   type τ.

•  If M is a term of type τ, then (λx^σ.M) is a term of type (σ → τ).

We omit types and parentheses whenever possible, adopting the standard conventions
of association: application associates to the left, and types associate to the right.  We will
use M, N, P, … to denote arbitrary terms; x, y, z, … to denote arbitrary variables; and
σ, τ, γ, … to denote arbitrary types.  δ will always denote a constant, and c will always
be a ground constant.  The binary relation symbol = denotes syntactic equality.

Free and bound variables are defined as usual, and we consider terms that are identical
modulo a change of bound variables to be syntactically identical.  A term is closed if it
has no free variables; otherwise it is open.  A program is a closed term of ground type.

A substitution is a type-respecting mapping of variables to terms.  Substitutions
are extended to terms as usual (taking care to avoid capture of free variables), and are
written postfix, so that Mρ is the application of the substitution ρ to the term M.  We
call Mρ an instance of M.  If x = x_1, …, x_n and N = N_1, …, N_n, then [x := N] is the
substitution that maps each x_i to N_i (simultaneously), and is the identity otherwise.  A
special case is [x := N], so that M[x := N] is the result of substituting N for x in M.
Sometimes we write M = M(x), with the intent that M(N) = M[x := N].

    tt, ff : o
    n : ι                    for each integer n ≥ 0
    succ, pred : ι → ι
    zero? : ι → o
    cond_o : o → o → o → o
    cond_ι : o → ι → ι → ι
    Y_σ : (σ → σ) → σ        for each type σ

    Figure 1: Constants of PCF

    Figure 2: Rewrite rules for PCF

A context C[·] is a term with some "holes".  C[M] denotes the result of putting M
into the holes of C[·], which may cause free variables of M to become bound.  We say
C[·] is a program context for M if C[M] is a closed term of ground type.

The interpreter of the language is defined via a rewrite system; any set of δ-rules,
together with the classical rule (β), induces the one-step reduction relation →.  The
relation ↠ is the reflexive transitive closure of →.  Figure 2 gives the δ-rules for PCF.


B  Simply Typed Models

Here we develop the general framework for function-based models of simply typed
λ-calculi.

A type frame is a collection of sets indexed by type such that [σ → τ] is a set of
functions from [σ] to [τ].  The sets [σ] are called domains, and the elements of each [σ]
are called meanings or values of type σ.

Since our discussion focuses on issues of adequacy and full abstraction, we also require
the following:

•  there is a partial order ⊑_σ associated with each domain [σ];

•  the functions of [σ → τ] are monotone with respect to the orderings ⊑_σ and ⊑_τ;

The last two conditions say that function application is monotone in both arguments;
this implies that models, defined below, are compositional.

An environment is a type-respecting mapping from variables to values.  If ρ is an
environment, then the environment ρ[x := d] is ρ with the value of x updated to d:

    ρ[x := d](y) = d      if y = x,
                   ρ(y)   otherwise.

An interpretation is a type-respecting mapping from constants to values.  For a given
type frame and interpretation I we can try to define a model, [·], that is a mapping
from each term to a meaning with respect to an environment, satisfying the following
conditions:

    [c]ρ = I(c)                                  (1)
    [x]ρ = ρ(x)                                  (2)
    [MN]ρ = ([M]ρ)([N]ρ)                         (3)
    ([λx.M]ρ)(d) =                               (4)

Implicit in condition (4) is the requirement that the function defined to be ([λx.M]ρ)
must be an element of the type frame.  In other words, a model is a type frame that is
closed under lambda-definability.  Such closure certainly does not hold for all type frames
(cf. [25]).

The meaning of a closed term is the same in any environment:

    [M]ρ = [M]ρ'

for all closed M and arbitrary ρ, ρ'.  Therefore we sometimes write [M] for the meaning
of a closed term M, omitting the environment.


Continuity

We give the standard definitions for cpo's and continuous functions, then define the cpo
model of PCF.

A partial order or poset is a set D together with a binary relation ⊑ that is reflexive,
transitive, and anti-symmetric.  We will refer to the partial order (D, ⊑) as just D.  A
subset X ⊆ D is directed if every finite subset of X has an upper bound in X.  A partial
order D is a complete partial order or cpo if it has a least element ⊥_D and every directed
subset X ⊆ D has a least upper bound ⊔X.  We omit the subscript D in ⊥_D when it can
be recovered from context.  For any set X we define the cpo X_⊥, with elements X ∪ {⊥_X},
ordered x ⊑ y iff x = y or x = ⊥_X.

A function f : D → E between posets is monotone if f(x) ⊑_E f(y) whenever x ⊑_D y.
We say f is continuous if it is monotone and f(⊔X) = ⊔f(X) for every directed X ⊆ D.

The set D →_c E of continuous functions from cpo D to cpo E is a cpo under the
pointwise order ⊑_p, defined as follows:

    f ⊑_p g  iff  f(x) ⊑_E g(x) for all x ∈ D.

If D is a cpo and f : D → D is continuous, then f has a least fixed point fix(f).  The
function fix itself is continuous, which will allow us to interpret the recursion operator Y.

Now we define the cpo model C[·] of PCF, based on continuous functions and cpos.
First we construct a type frame with ground domains C[o] = {tt, ff}_⊥ and C[ι] =
{0, 1, 2, …}_⊥, and higher-order domains C[σ → τ] = C[σ] →_c C[τ].  The cpo model
of PCF is then the model C[·] associated with {C[σ]} and the standard interpretation:
the ground constants are interpreted in the obvious way; the Y constants are interpreted
as least fixed-point operators; and the interpretation of the remaining function constants
is determined by the condition that the rewrite rules of Figure 2 be valid as equations.

Theorem 32 (Plotkin [30], Sazonov [31])  The cpo model C[·] is adequate but not fully
abstract for PCF.

Stability

If D is a partial order and X ⊆ D, then X is bounded or consistent if there is an element
y ∈ D such that x ⊑ y for all x ∈ X.  If elements x and y are consistent we will write
x ↑ y.  We say D is bounded complete if every bounded subset X ⊆ D has a least upper
bound ⊔X.

An element a ∈ D is compact if, for every directed X ⊆ D with a ⊑ ⊔X, there is
some x ∈ X such that a ⊑ x.  We define KD, the kernel of D, to be the set of compact
elements of D.  The cpo D is algebraic if, for every x ∈ D, the set ↓x = { a ∈ KD | a ⊑ x }
is directed and ⊔ ↓x = x.

The greatest lower bound of a set X is denoted ⊓X.  A cpo is distributive if x ⊓ (y ⊔ z) =
(x ⊓ y) ⊔ (x ⊓ z) whenever y and z are consistent.  An algebraic cpo D has property I if
↓a is finite for each a ∈ KD.  A dI-domain is a distributive, bounded complete cpo that
has property I.

A continuous function f between dI-domains is stable if whenever x ↑ y, we have that
f(x ⊓ y) = f(x) ⊓ f(y).  We let D →_s E be the set of stable functions between dI-domains
D and E.  As noted in [5], D →_s E ordered pointwise is not a dI-domain; accordingly we
define the stable ordering ⊑_s:

    f ⊑_s g  iff  f(x) = f(y) ⊓ g(x) whenever x ⊑ y.

    Figure 3: Boolean functions

If D and E are dI-domains, then D →_s E is a dI-domain under the stable order.

It must be noted that the stable order is quite different from the pointwise order.  For
instance, consider the monotone Boolean functions, listed in Figure 3.  These functions
are both continuous and stable, and so they are elements of both the continuous and
stable type frames.  However, the stable ordering of o → o (Figure 5) is different from its
pointwise ordering (Figure 4).  In particular, consider True, the constant tt function, and
True!, the strict constant tt function.  Although True! ⊑_p True, we have True! ⋢_s True,
since ⊥ ⊑ tt but

    True!(⊥) = ⊥ ≠ tt = (True!(tt) ⊓ True(⊥)).

(It is this that permits the existence of the function truesep that was needed in Corollary 15.)
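Figures 3 to 5 did not survive the scan, but the orderings they show can be recomputed from the definitions above. The following is an added example, not code from the paper: it enumerates the monotone functions on the flat Boolean domain {tt, ff}_⊥, checks that every one of them is stable, compares True! and True under the pointwise order ⊑_p and the stable order ⊑_s, lists the maximal elements under each order, and, for the cpo model of the previous subsection, computes a least fixed point by Kleene iteration. The function names, the encoding of a function as a triple, and the sample functional (the meaning of λf.λx.cond x tt (f x)) are assumptions of this illustration.

```python
"""Monotone Boolean functions o -> o over the flat domain {bot, tt, ff}, under the
pointwise order of the cpo model and the stable order of the stable model.
Added illustration; not code from the paper."""
from itertools import product
from typing import Callable, List, Tuple

BOT, TT, FF = "bot", "tt", "ff"
O = (BOT, TT, FF)               # the ground domain C[o] = S[o] = {tt, ff}_bot
Fn = Tuple[str, str, str]       # a function f encoded as (f(bot), f(tt), f(ff))


def leq(x: str, y: str) -> bool:
    """x ⊑ y in the flat domain: x = y or x = bot."""
    return x == y or x == BOT


def consistent(x: str, y: str) -> bool:
    """x ↑ y: the pair has an upper bound; in a flat domain only comparable pairs do."""
    return leq(x, y) or leq(y, x)


def meet(x: str, y: str) -> str:
    """Greatest lower bound x ⊓ y."""
    return x if x == y else BOT


def apply(f: Fn, x: str) -> str:
    return f[O.index(x)]


def monotone(f: Fn) -> bool:
    return all(leq(apply(f, x), apply(f, y)) for x in O for y in O if leq(x, y))


def stable(f: Fn) -> bool:
    """f(x ⊓ y) = f(x) ⊓ f(y) whenever x ↑ y."""
    return all(apply(f, meet(x, y)) == meet(apply(f, x), apply(f, y))
               for x in O for y in O if consistent(x, y))


def monotone_functions() -> List[Fn]:
    """All monotone f : o -> o; these populate both C[o -> o] and S[o -> o]."""
    return [f for f in product(O, repeat=3) if monotone(f)]


def pointwise_leq(f: Fn, g: Fn) -> bool:
    """f ⊑_p g iff f(x) ⊑ g(x) for all x."""
    return all(leq(apply(f, x), apply(g, x)) for x in O)


def stable_leq(f: Fn, g: Fn) -> bool:
    """f ⊑_s g iff f(x) = f(y) ⊓ g(x) whenever x ⊑ y."""
    return all(apply(f, x) == meet(apply(f, y), apply(g, x))
               for x in O for y in O if leq(x, y))


TRUE = (TT, TT, TT)           # True: the constant tt function
TRUE_STRICT = (BOT, TT, TT)   # True!: the strict constant tt function


def maximal(order: Callable[[Fn, Fn], bool]) -> List[Fn]:
    """Maximal monotone functions under the given order (the top row of its Hasse diagram)."""
    fs = monotone_functions()
    return [f for f in fs if not any(g != f and order(f, g) for g in fs)]


def cond(b: str, y: str, z: str) -> str:
    """Meaning of cond_o on the flat Booleans: strict in its first argument."""
    return y if b == TT else z if b == FF else BOT


def functional(f: Fn) -> Fn:
    """Assumed sample functional: the meaning of λf.λx.cond x tt (f x) in the cpo model."""
    return tuple(cond(x, TT, apply(f, x)) for x in O)


def least_fixed_point(F: Callable[[Fn], Fn]) -> Fn:
    """fix(F) by Kleene iteration from the bottom function; the function space is finite,
    so the chain bot, F(bot), F(F(bot)), ... becomes stationary at the least fixed point."""
    f: Fn = (BOT, BOT, BOT)
    while F(f) != f:
        f = F(f)
    return f


if __name__ == "__main__":
    print(len(monotone_functions()), "monotone functions; all stable:",
          all(map(stable, monotone_functions())))
    print("True! <=_p True:", pointwise_leq(TRUE_STRICT, TRUE),
          " True! <=_s True:", stable_leq(TRUE_STRICT, TRUE))
    print("fix:", least_fixed_point(functional))
```

Because the domain is flat, every monotone function is stable, so the two type frames contain the same eleven functions at type o → o and differ only in how they are ordered; `maximal(pointwise_leq)` and `maximal(stable_leq)` make that difference visible, and `stable_leq` is a sub-relation of `pointwise_leq` (take x = y in the definition).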

Nevertheless, a stable model of PCF, based on dI-domains and stable functions,
can be defined in much the same way as the cpo model.  The ground domains S[o] and
S[ι] of the stable type frame are identical to the ground domains of the cpo model.  At
higher types, however, we use stable functions: S[σ → τ] = S[σ] →_s S[τ].  Then we
let S[·] be the model associated with the stable type frame and the (stable) standard
interpretation (cf. the interpretation of the cpo model).

Theorem 33 (Berry [5])  The stable model S[·] is adequate but not fully abstract for
PCF.

    Figure 4: Pointwise ordering of o → o

    Figure 5: Stable ordering of o → o
C  Standard reductions in PCF-like rewrite systems

C.1  Preliminaries

This appendix gives a full definition of standard reductions and proof of the
Standardization Theorem.  In this section we sketch out some of the basic terminology of
rewriting systems.  Section C.2 introduces descendants, which allow us to trace subterms
from step to step in a reduction.  In Section C.3 we show that a very weak form of
confluence holds for PCF-like systems; this property will be essential in proving the
Standardization Theorem.  Section C.4 introduces labelled rewrite systems, and proves that
they are strongly normalizing.  The labelled systems will be used in the proof of
Standardization.  The standard reductions are defined in Section C.5, and Standardization
is proved in Section C.6.  The proof is a variation of Klop's proof for the pure λ-calculus
[23], and involves a rewriting system on reductions.  The system successively rewrites
non-standard reduction paths to "more standard" paths; Standardization is proved by
showing that the system is strongly normalizing, and that normal forms are standard
reductions.

Our presentation of the machinery used to state and prove Standardization is necessarily
brief.  Much of the material is covered in more depth in standard references [3, 23].
Throughout we will work with a PCF-like rewrite system given by a language, L, and
set, Θ, of linear ground δ-rules.

We assume that the reader is familiar with the following terminology.  The notation
M ⊆ N denotes that M is a subterm of N.  A subterm may appear several times in
a term; multiple occurrences of a subterm can be distinguished by their paths, which
specify the exact position of a subterm inside the term.  When we speak of a subterm
M ⊆ N we implicitly mean a particular occurrence of M in N; the disambiguating paths
are omitted.

Note that M → N iff there is an instance A → A' of a rule π such that A ⊆ M, and
N is obtained from M by replacing A with A'.  We will write M →_{A,π} N in this case, and
we call A a (π-)redex and A' its (π-)contractum.

A reduction (path) is a sequence

    σ :  M_1 →_{A_1,π_1} M_2 →_{A_2,π_2} M_3 →_{A_3,π_3} ⋯ .

We will use σ, τ, … to refer to reduction paths.  Two reductions are coinitial if they
start in the same term, and cofinal if they end in the same term.


C.2  Descendants 

Consider  some  possible  effects  of  a  reduction  M  — *  JV  on  a  subterm  A  C  M : 
•  A  could  be  erased,  as  in  (Ax.y)A  — ♦  y. 
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•  A  could  be  copied  to  some  instances  in  N,  as  in  (Ax.5xx)A  6AA. 

•  A  could  be  left  untouched  and  in  its  original  position,  as  in  A((Ax.x)y)  —*  Ay. 

•  The  contracted  redex  might  occur  within  A,  transforming  it  into  a  syntactically 
different  subterm  in  the  same  position. 

In  order  to  define  and  prove  standardization,  we  will  need  to  speak  precisely  about  these 
cases,  so  we  introduce  descendants,  which  let  us  track  a  subterm  throughout  a  reduction. 
We  will  not  define  descendants  in  their  full  generality,  but  only  for  certain  subterms  of 
interest.  Our  definition  is  equivalent  to  the  standard  definition  [23]  on  those  subterms. 

Descendants are introduced via an annotated rewrite system derived from L and Θ, in which some λ's and δ's are marked with a *. Thus we define the language L_*, whose symbols are those of L, with the addition of λ_*, and δ_* for each constant δ of L. The terms of L_* are defined inductively:

• A constant δ^σ or δ_*^σ is a term of type σ.

• A variable x^σ is a term of type σ.

• If M is a term of type (σ → τ) and N is a term of type σ, then (MN) is a term of type τ.

• If M is a term of type τ, then (λx^σ.M) and (λ_* x^σ.M) are terms of type (σ → τ).

The erasure |M| ∈ L of M ∈ L_* is obtained from M by leaving out the *'s. Substitution for the language is defined in the obvious way (with λ_*'s binding variables just as λ's). The rules of the new system include β and the rule scheme

$$\beta_* : (\lambda_* x.M)N \to M[x := N].$$

Similarly, the δ-rules Θ_* of the system are derived from the rules Θ. If θ is a rule of Θ,

$$\theta : \delta(\vec c, \vec x) \to P(\vec x),$$

then Θ_* contains all rules of the form θ' and θ_*:

$$\theta' : \delta(\vec c\,', \vec x) \to P(\vec x), \qquad \theta_* : \delta_*(\vec c\,', \vec x) \to P(\vec x),$$

where c' is any vector of L_* ground constants such that |c'| = c.

There is a strong connection between the systems. Any Θ_*-reduction path σ,

$$\sigma : M_1 \xrightarrow[\Delta_1]{\pi_1} M_2 \xrightarrow[\Delta_2]{\pi_2} M_3 \xrightarrow[\Delta_3]{\pi_3} \cdots,$$

projects to a Θ-reduction path |σ|:

$$|\sigma| : |M_1| \xrightarrow[|\Delta_1|]{|\pi_1|} |M_2| \xrightarrow[|\Delta_2|]{|\pi_2|} |M_3| \xrightarrow[|\Delta_3|]{|\pi_3|} \cdots.$$

Conversely, for any M ∈ L_* and Θ-reduction path σ : |M| → ⋯ there is a unique lift of σ to a Θ_*-reduction path σ' : M → ⋯ such that σ = |σ'|.

We will be interested in tracing subterms of the form (λx.M_1)M_2 or δM_1⋯M_n throughout a reduction; that is, β-redexes and possible δ-redexes. Accordingly, we introduce the following terminology. A subterm (λx.M_1)M_2 or δM_1⋯M_n of M is called a predescendant of M. If F is a set of predescendants of M ∈ L, we write (M, F) for the L_* term derived from M by marking the head λ or δ of each predescendant in F with a *.


Definition 34 Suppose σ : M ↠ N is a Θ-reduction path.

(i) If Δ is a predescendant of M, its set of descendants in N relative to σ, written Δ/σ, is defined as follows. Let M' = (M, {Δ}) and lift σ to σ' : M' ↠ N'. If Δ = (λx.M_1)M_2 (resp. Δ = δM_1⋯M_n), then Δ/σ = F, where F is the unique set of subterms of N of the form (λx.M_1')M_2' (resp. δM_1'⋯M_n') such that N' = (N, F).

(ii) If F is a set of predescendants of M, its descendants F/σ are defined by

$$F/\sigma = \bigcup\{\Delta/\sigma \mid \Delta \in F\}.$$

(iii) Δ ⊆ M is an ancestor of Δ' ⊆ N if Δ' ∈ Δ/σ.

For a given reduction M_1 → M_2 → M_3 → ⋯, we will sometimes speak of descendants and ancestors for subterms of terms M_i and M_j, where i and j are any indices such that j > i. We do not specify the reduction from M_i to M_j, as it can be recovered from context.

Note 35

(i) If M →_Δ N, then Δ has no descendants in N.

(ii) If M →_Δ N, where Δ = δ(c, B), then no c_i has a descendant in N.

We  mention  that  the  following  important  property  holds  for  our  PCF-like  systems,  since 
it  does  not  hold  for  all  rewrite  systems  [23]. 

Note 36 If Δ ⊆ M and M →_Θ N, then descendants of Δ in N are disjoint.

Disjointness of descendants does not extend to β, as we indicate here:

$$(\lambda y.(\lambda x.yx)y)(\lambda z.\delta_* z) \to_\beta (\lambda x.(\lambda z.\delta_* z)x)(\lambda z.\delta_* z) \to_\beta (\lambda x.\delta_* x)(\lambda z.\delta_* z) \to_\beta \delta_*(\lambda z.\delta_* z).$$
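The marked calculus of Definition 34 can be mechanised for β-steps. The following Python example is added here and is not the paper's own code: it marks the head of one predescendant, lifts a reduction given by its contraction positions to L_*, and reads the descendants off the final term, running the erased/copied/untouched cases listed at the start of Section C.2 and the β-reduction above, whose two descendants of δ_* are nested. Only β-contraction is implemented, δ-predescendants are taken to be maximal application spines, and variable names are assumed distinct so substitution needs no renaming.

```python
from dataclasses import dataclass, replace
from typing import List, Tuple, Union
# Terms of the marked language L_* (Section C.2): marked=True on a Const or Lam makes
# it the delta_* / lambda_* head of a tracked predescendant.
@dataclass(frozen=True)
class Var:
    name: str
@dataclass(frozen=True)
class Const:
    name: str
    marked: bool = False
@dataclass(frozen=True)
class Lam:
    var: str
    body: "Term"
    marked: bool = False
@dataclass(frozen=True)
class App:
    fun: "Term"
    arg: "Term"
Term = Union[Var, Const, Lam, App]
Path = Tuple[str, ...]  # occurrence path: 'f' function part, 'a' argument, 'b' lambda body
def subterm(t: Term, path: Path) -> Term:
    for step in path:
        t = t.fun if step == 'f' else t.arg if step == 'a' else t.body
    return t

def replace_at(t: Term, path: Path, new: Term) -> Term:
    if not path: return new
    step, rest = path[0], path[1:]
    if step == 'f': return App(replace_at(t.fun, rest, new), t.arg)
    if step == 'a': return App(t.fun, replace_at(t.arg, rest, new))
    return Lam(t.var, replace_at(t.body, rest, new), t.marked)

def subst(t: Term, x: str, n: Term) -> Term:
    # t[x := n]; assumes bound variables differ from free ones, so no capture occurs
    if isinstance(t, Var): return n if t.name == x else t
    if isinstance(t, Lam): return t if t.var == x else Lam(t.var, subst(t.body, x, n), t.marked)
    return App(subst(t.fun, x, n), subst(t.arg, x, n)) if isinstance(t, App) else t

def beta(t: Term, path: Path) -> Term:
    # contract the beta- or beta_*-redex at `path`; marks inside M1 and M2 ride along
    redex = subterm(t, path)
    assert isinstance(redex, App) and isinstance(redex.fun, Lam), "not a beta-redex"
    return replace_at(t, path, subst(redex.fun.body, redex.fun.var, redex.arg))

def erase(t: Term) -> Term:  # the erasure |t| in L: drop every mark
    if isinstance(t, Const): return Const(t.name)
    if isinstance(t, Lam): return Lam(t.var, erase(t.body))
    return App(erase(t.fun), erase(t.arg)) if isinstance(t, App) else t

def marked_positions(t: Term) -> List[Path]:
    # the F with t = (|t|, F): a lambda_* heads the redex just above it, a delta_* the
    # whole application spine delta_* M1..Mn above it (taken to be maximal, an assumption)
    out: List[Path] = []
    def walk(u: Term, p: Path) -> None:
        if isinstance(u, Lam) and u.marked:
            out.append(p[:-1])
        elif isinstance(u, Const) and u.marked:
            out.append(tuple(''.join(p).rstrip('f')))
        if isinstance(u, Lam):
            walk(u.body, p + ('b',))
        elif isinstance(u, App):
            walk(u.fun, p + ('f',))
            walk(u.arg, p + ('a',))
    walk(t, ())
    return out

def descendants(m: Term, head: Path, steps: List[Path]) -> Tuple[Term, List[Path]]:
    # Definition 34(i): mark the head of one predescendant of m, lift sigma (the same
    # contraction positions) to L_* and read the marks off N; returns (|N|, their paths)
    n_star = replace_at(m, head, replace(subterm(m, head), marked=True))
    for p in steps:
        n_star = beta(n_star, p)
    return erase(n_star), marked_positions(n_star)

def pairwise_disjoint(paths: List[Path]) -> bool:
    # Note 36's property: no descendant lies inside another (no path is a prefix of another)
    return not any(p != q and q[:len(p)] == p for p in paths for q in paths)

# Constructed samples: A = (lambda z.z)w is the tracked subterm of Section C.2; "nested" is the reduction after Note 36, tracking its delta.
A = App(Lam('z', Var('z')), Var('w'))
D = Const('delta')
CASES = {  # name: (term, path of the tracked head, contraction positions of sigma)
    "erased":    (App(Lam('x', Var('y')), A), ('a', 'f'), [()]),
    "copied":    (App(Lam('x', App(App(D, Var('x')), Var('x'))), A), ('a', 'f'), [()]),
    "untouched": (App(A, App(Lam('x', Var('x')), Var('y'))), ('f', 'f'), [('a',)]),
    "nested":    (App(Lam('y', App(Lam('x', App(Var('y'), Var('x'))), Var('y'))),
                      Lam('z', App(D, Var('z')))), ('a', 'b', 'f'), [(), ('f', 'b'), ()]),
}
if __name__ == "__main__":
    for name, (term, head, steps) in CASES.items():
        n, desc = descendants(term, head, steps)
        print(f"{name}: descendants at {desc}, disjoint={pairwise_disjoint(desc)}")
```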

Definition 37 Suppose M_i is a term in a reduction σ,

$$\sigma : M_1 \xrightarrow[\Delta_1]{\pi_1} M_2 \xrightarrow[\Delta_2]{\pi_2} M_3 \xrightarrow[\Delta_3]{\pi_3} \cdots.$$

(i) We say Δ ⊆ M_i is (π)-contracted (in σ) if for some j ≥ i, Δ_j is a descendant of Δ and π_j = π.

(ii) We say Δ ⊆ M_i is active (in σ) if there is a Δ' ⊆ Δ that is contracted in σ.

Sometimes  it  will  be  useful  to  specify  a  set  of  subterms  of  some  term  M,  and  consider 
reductions  from  M  in  which  only  those  subterms  are  contracted.  Such  reductions  are 
called  developments.  Because  we  work  with  systems  in  which  a  subterm  can  contract  by 
more  than  one  rule,  our  definition  of  developments  extends  the  standard  definition  by 
specifying  a  rule  for  each  redex  contracted  in  a  development. 

Definition 38 Suppose the following: σ is a reduction from M to N; F is a set of subterms of M; and Π is a mapping that takes each Δ ∈ F to a rule π_Δ.

(i) We call σ a development of F from M by Π, written σ : (M, F) →_Π N, if each redex Δ' contracted in σ is a descendant of some Δ ∈ F, and Δ' is contracted by rule π_Δ.

(ii) We say a development is a complete development, written σ : (M, F) →_Π^cpl N, if F/σ = ∅.

When Π is evident from context, we will omit mention of it.

Note 39 If F is a set of n disjoint redexes of M, then clearly all complete developments of F from M are of length n and are cofinal.

C.3  Properties  related  to  confluence 

Note  39  is  a  special  case  of  a  much  stronger  theorem,  the  Finite  Developments  theorem. 
We  will  not  need  to  prove  the  Finite  Developments  theorem  in  its  full  generality;  this 
section  proves  a  weaker  result  that  will  be  sufficient  for  our  application. 

Definition 40 We say two δ-redexes Δ_1 and Δ_2 overlap if either

(i) they share the same head δ, or

(ii) one Δ_i appears as a critical argument of the other.

Note that in case (ii), the Δ_i must be a ground constant.

Often,  rewrite  systems  are  constrained  to  avoid  overlapping  redexes;  such  systems 
are  guaranteed  to  be  confluent.  Because  we  allow  overlapping  rules,  our  systems  are  not 
confluent  in  general.  However,  they  do  satisfy  the  following  much  weaker  property,  which 
will  be  essential  in  our  proof  of  standardization. 

Lemma 41 Suppose σ_1 : M_0 →_{Δ_1} M_1 and σ_2 : M_0 →_{Δ_2} M_2, where Δ_1 and Δ_2 do not overlap. Then complete developments of Δ_2/σ_1 from M_1 and Δ_1/σ_2 from M_2 are finite and cofinal.

Proof: For each of the various cases on the relative positions of Δ_1 and Δ_2 in M_0, we find a term M_3 that is the final term of every complete development of Δ_1/σ_2 and Δ_2/σ_1:

$$\begin{array}{ccc} M_0 & \xrightarrow{\ \Delta_1\ } & M_1 \\ {\scriptstyle \Delta_2}\downarrow & & \downarrow \\ M_2 & \longrightarrow & M_3 \end{array}$$

1. Δ_1 and Δ_2 are disjoint. Then M_0, M_1, and M_2 can be written

$$M_0 = \cdots \Delta_1 \cdots \Delta_2 \cdots, \qquad M_1 = \cdots \Delta_1' \cdots \Delta_2 \cdots, \qquad M_2 = \cdots \Delta_1 \cdots \Delta_2' \cdots,$$

where Δ_1' and Δ_2' are the respective contractums of Δ_1 and Δ_2. Now defining

$$M_3 = \cdots \Delta_1' \cdots \Delta_2' \cdots,$$

we see that the only complete development of Δ_2/σ_1 is M_1 →_{Δ_2} M_3, and the only complete development of Δ_1/σ_2 is M_2 →_{Δ_1} M_3, as desired.

2. Δ_1 ⊆ Δ_2. Then there is a unique descendant Δ_2' of Δ_2 in M_1, and we consider three subcases.

(a) Δ_2 = (λx.⋯Δ_1⋯)N. Then we can write M_0, M_1, and M_2 as

$$M_0 = \cdots((\lambda x.\cdots \Delta_1 \cdots)N)\cdots, \quad M_1 = \cdots((\lambda x.\cdots \Delta_1' \cdots)N)\cdots, \quad M_2 = \cdots((\cdots \Delta_1 \cdots)[x := N])\cdots,$$

where Δ_1' is the contractum of Δ_1, and Δ_2' = (λx.⋯Δ_1'⋯)N. If we take

$$M_3 = \cdots((\cdots \Delta_1' \cdots)[x := N])\cdots,$$

then the only complete development of Δ_2/σ_1 is M_1 →_β M_3. Furthermore, substitutivity holds for PCF-like rewrite systems; that is,

$$M \to_\Delta M' \implies M[x := N] \to_{\Delta'} M'[x := N],$$

where Δ' is Δ with any free occurrences of x replaced by N. Thus the only complete development of Δ_1/σ_2 is M_2 → M_3.

(b) Δ_2 = (λx.N)(⋯Δ_1⋯). Then M_0, M_1, and M_2 can be written

$$M_0 = \cdots((\lambda x.N)(\cdots \Delta_1 \cdots))\cdots, \quad M_1 = \cdots((\lambda x.N)(\cdots \Delta_1' \cdots))\cdots, \quad M_2 = \cdots(N[x := (\cdots \Delta_1 \cdots)])\cdots,$$

where Δ_1' is the contractum of Δ_1, and Δ_2' = (λx.N)(⋯Δ_1'⋯). Defining

$$M_3 = \cdots(N[x := (\cdots \Delta_1' \cdots)])\cdots,$$

we see that the only complete development of Δ_2/σ_1 is M_1 →_β M_3. Furthermore, descendants of Δ_1 in M_2 are disjoint, and any contraction of them in turn is a reduction M_2 → ⋯ → M_3.

(c) Δ_2 = δ_θ(⋯, ⋯(⋯Δ_1⋯)⋯). Then we write M_0, M_1, and M_2 as

$$M_0 = \cdots(\delta_\theta(\cdots, \cdots(\cdots \Delta_1 \cdots)\cdots))\cdots, \quad M_1 = \cdots(\delta_\theta(\cdots, \cdots(\cdots \Delta_1' \cdots)\cdots))\cdots, \quad M_2 = \cdots(P_\theta(\cdots(\cdots \Delta_1 \cdots)\cdots))\cdots,$$

where Δ_1' is the contractum of Δ_1, and Δ_2' = δ_θ(⋯, ⋯(⋯Δ_1'⋯)⋯). Defining

$$M_3 = \cdots(P_\theta(\cdots(\cdots \Delta_1' \cdots)\cdots))\cdots,$$

we see that the only complete development of Δ_2/σ_1 is M_1 →_θ M_3. And just as in case 2b, the descendants of Δ_1 in M_2 are disjoint, so by contracting them in turn we find a reduction M_2 → ⋯ → M_3.

3. Δ_2 ⊆ Δ_1. This case is handled exactly as case 2.


C.4 A labelled λ-calculus

For any PCF-like rewrite system, there is a corresponding labelled PCF-like system that is strongly normalizing. The labelling technique has led to some of the simplest proofs for many syntactic properties, and we will use it in our proof of standardization. This section introduces labelled calculi and proves that they are strongly normalizing.

The labelled system is similar to the system that we introduced earlier to define descendants. However, the systems are also different in important ways, since they are intended for different purposes. In the labelled system, we will mark δ's with nonnegative integers instead of *'s, and we will not need to mark λ's. Furthermore, we do not allow unmarked δ's. The reasons for this will become apparent in what follows.

For any PCF-like language L, the language L_N is just the PCF-like language with constants δ_n for each constant δ of L and each n ∈ N.

Notation 42

(i) If M ∈ L_N, then |M| ∈ L is the term derived from M by erasing the labels on the constants.

(ii) If M ∈ L, then M^n ∈ L_N is the term derived from M by labelling each constant with n.

The δ-rules Θ_N of the labelled calculus are defined as follows. If θ is a rule of Θ,

$$\theta : \delta(\vec c, \vec x) \to P(\vec x),$$

then Θ_N contains all rules of the form θ_n:

$$\theta_n : \delta_{n+1}(\vec c\,', \vec x) \to P^n(\vec x),$$

where c' is a vector of L_N ground constants such that |c'| = c. Note that there is no rule for any δ_0.

The projection |σ| of a Θ_N-reduction path σ is defined in the obvious way. And any Θ-reduction σ can be lifted to a Θ_N-reduction σ' such that σ = |σ'| (e.g., label each constant in the first term of σ by the length of σ).

Definition 43 A term M is strongly normalizable (SN) if all reductions starting at M are finite.

Theorem 44 (Strong Normalization) Every L_N term is strongly normalizable.

The rest of this section lays out the proof of strong normalization. We use a straightforward extension of the method of [17].

Definition 45 The notion of strong computability (SC) of a term is defined by induction as follows:

(i) A term of ground type is SC iff it is SN.

(ii) A term M of type σ → τ is SC iff, for every SC term N^σ, the term (MN)^τ is SC.

Note 46 By Definition 45(ii) a term M is SC iff, for all vectors N of SC terms driving M to ground type, the term MN is SC. And by Definition 45(i), such an MN is SC iff it is SN.

Definition 47 An atom is a variable or a constant δ_n with no rule.

Lemma 48

(i) If a is an atom and N is a vector of SN terms, then the term aN is SC.

(ii) Every SC term M is SN.

Proof: By induction on the type of aN and M.

1. Basis: aN and M have ground type.

(i) Since each N_i is SN, aN must be SN, and therefore SC by Definition 45(i).

(ii) By Definition 45(i).

2. Induction: aN and M have type σ → τ.

(i) Let P^σ be SC. By the induction hypothesis (ii), P is SN. Then by induction, the term (aNP)^τ is SC. Therefore so is aN by Definition 45(ii).

(ii) Let x^σ be a variable not occurring in M. By the induction hypothesis (i), x is SC. Then (Mx)^τ is SC, and therefore SN by induction. But any subterm of an SN term is SN, so M is SN as well.


Lemma 49 If N is SC and M[x := N] is SC, then so is (λx.M)N.

Proof: Let P = P_1, …, P_n be a vector of SC terms driving M to ground type. Since M[x := N] is SC, the term

$$M[x := N]\,\vec P \tag{5}$$

is SN by Note 46. The lemma follows from Note 46 if we can prove that

$$(\lambda x.M)N\,\vec P \tag{6}$$

is SN.

Now since (5) is SN, all of its subterms are SN, including M[x := N] and P. Furthermore, by hypothesis and the preceding lemma, N is SN. Therefore an infinite reduction from (6) cannot consist entirely of contractions in M, N, P_1, …, P_n. So an infinite reduction of (6) must have the form

$$(\lambda x.M)N P_1 \cdots P_n \twoheadrightarrow (\lambda x.M')N' P_1' \cdots P_n' \to M'[x := N'] P_1' \cdots P_n' \to \cdots$$

(where M ↠ M', etc.). From the reductions M ↠ M' and N ↠ N' we have

$$M[x := N] \twoheadrightarrow M'[x := N'].$$

Then we can construct an infinite reduction from (5) as follows:

$$M[x := N] P_1 \cdots P_n \twoheadrightarrow M'[x := N'] P_1' \cdots P_n' \to \cdots$$

But this contradicts the fact that (5) is SN. Therefore there is no infinite reduction from (6); it must be SN. ■

Lemma 50 Consider a constant δ and a vector N of SC terms driving δ to ground type. If for each rule θ on δ,

$$\theta : \delta_\theta(\vec c, \vec x) \to P_\theta(\vec x),$$

where δN = δ_θ(N_1, N_2)N_3, we have that

$$P_\theta(\vec N_2)\,\vec N_3 \tag{7}$$

is SC, then δN is SC.

Proof: We must show that δN is SN. Since the N are SC, by Lemma 48 they are SN. Therefore any infinite reduction from δN must look like

$$\delta_\theta(\vec N_1, \vec N_2)\,\vec N_3 \twoheadrightarrow \delta_\theta(\vec c, \vec N_2')\,\vec N_3' \to P_\theta(\vec N_2')\,\vec N_3' \to \cdots$$

where N_1 ↠ c, N_2 ↠ N_2', etc. But then we can construct an infinite reduction from (7) as follows:

$$P_\theta(\vec N_2)\,\vec N_3 \twoheadrightarrow P_\theta(\vec N_2')\,\vec N_3' \to \cdots$$

But as (7) is SC, by Lemma 48 it is SN, a contradiction. Therefore δN is SN. ■

Lemma 51 For any term M and substitution ρ = [x := N] where each N_i is SC, the term Mρ is SC.

Proof: The proof is by induction on the lexicographic ordering of (m, M), where m is the maximum δ-index appearing in M.

1. M is a variable x_i. Then Mρ is N_i and the result follows.

2. M is an atom distinct from x_1, …, x_n. Then Mρ = M, which is SC by Lemma 48. Note that this includes all constants δ_0.

3. M = δ_{m+1}. Then Mρ = δ_{m+1}. Thus it is sufficient to show that for any vector N' of SC terms driving δ_{m+1} to ground type, the term δ_{m+1}N' is SC.

Consider any rule θ on δ_{m+1}:

$$\theta : \delta_{m+1}(\vec c, \vec x) \to P(\vec x).$$

By construction of the labelled calculus, no constants in P are labelled with an index greater than m. Thus we can apply the induction hypothesis to P.

If we rewrite δ_{m+1}N' as δ_{m+1}(N_1', N_2')N_3', by induction P(N_2') is SC. Then by the definition of SC, the term P(N_2')N_3' is SC. Therefore by Lemma 50, δ_{m+1}N' is SC.

4. M = λy^σ.M_1. Then Mρ = λy.(M_1ρ), neglecting changes in bound variables.

To show that Mρ is SC we must show that for all SC terms N^σ, the term (Mρ)N is SC. But (Mρ)N = (λy.(M_1ρ))N, and

$$(M_1\rho)[y := N] = M_1[x_1 := N_1]\cdots[x_n := N_n][y := N],$$

which is SC by induction. Therefore (λy.(M_1ρ))N is SC by Lemma 49.

5. M = M_1M_2. Then Mρ = (M_1ρ)(M_2ρ), and M_1ρ and M_2ρ are SC by induction. Therefore Mρ is SC by Definition 45(ii).

Proof of Theorem 44 (Strong Normalization): By Lemma 51, every term M is SC (just let x be empty). Then by Lemma 48, M is strongly normalizing. ■
C.5 Standard Reductions

Our definition of standard reductions is similar to that of [19], with a few important differences. The "linear ground" restriction imposed on our systems gives us a particularly simple class of rewrite rules, and this simplicity carries over to the definition of standard reductions. On the other hand, the systems of [19] do not include λ-abstraction, and forbid overlapping rewrite rules, which we allow.

Overlapping rules do not add much complication to the definition of standard reductions, but they are more of an obstacle in the proof of standardization. Overlapping systems are not confluent in general, so we cannot use confluence and related properties in our proof. This is offset by the fact that we consider only typed systems.

The standard reductions of [19] are based on "outside-in" reductions. Informally, outside-in reductions are reductions in which no subterm of a term reduces before the term itself contracts, unless the subterm reduces outside-in and contributes towards making the term a redex. For example, consider the PCF reduction

$$\mathit{cond}\ (\mathit{zero?}\ 0)\ M\ N \to \mathit{cond}\ \mathit{tt}\ M\ N \to M.$$

The reduction is standard, even though the term cond (zero? 0) M N contracts after its subterm (zero? 0), because it is the contraction of (zero? 0) that turns the cond term into a redex.

There is a natural way of testing whether or not a reduction is outside-in: first, identify "outermost" subterms that contract; each of these identifies subterms that must reduce before the outer subterm itself contracts. By iterating the process, we can identify a subterm or subterms that must reduce before any others, if the reduction is to be outside-in. This idea is the basis of our definition of standard reductions.

For each term in a reduction, we identify a principal redex, and call a reduction standard if the redex contracted at each step is the principal redex. For the pure λ-calculus, the principal redex for some M_i will simply be the leftmost redex of M_i contracted in the reduction.

For systems with constants, we must allow reductions to take place in the critical arguments of some δ-terms. To find the principal redex, then, we start by considering the leftmost contracted subterm; if it is a δ-term, we then consider critical arguments in which contractions take place, etc. Eventually, consideration of these preprincipal subterms leads to the principal redex.

Definition 52 Let M_i be a term in a reduction path σ,

$$\sigma : M_1 \xrightarrow{\Delta_1} M_2 \xrightarrow{\Delta_2} M_3 \xrightarrow{\Delta_3} \cdots.$$

A contracted subterm Δ of M_i is preprincipal in σ if

(i) Δ is the leftmost subterm of M_i contracted in σ; or

(ii) there is a subterm Δ' of M_i such that:

• Δ' is θ-contracted in σ;

• Δ' is of the form δ_θ(A, B), where the leftmost active critical argument, A_k, is of the form ΔN; and

• Δ' is preprincipal in σ.

We write pp_σ(Δ) if Δ is preprincipal in σ.

This next lemma is essential in showing an important property of the preprincipal subterms: they are linearly ordered by ⊆ (see the following note):

Lemma 53 Let M_i be a term in a reduction path σ, and let Δ be a preprincipal subterm of M_i. If Δ ≠ Δ_i, then Δ has a unique, preprincipal descendant Δ' ⊆ M_{i+1}.

Proof: By induction on how pp_σ(Δ).

(i) pp_σ(Δ) because Δ is the leftmost contracted subterm of M_i. Then clearly Δ has some unique descendant Δ' in M_{i+1}. Furthermore Δ' is the leftmost contracted subterm of M_{i+1}, as the contraction of Δ_i can only introduce terms to the right of Δ'. Thus pp_σ(Δ').

(ii) pp_σ(Δ) because M_i contains a preprincipal, θ-contracted subterm, δ_θ(A, B), whose leftmost active critical argument, A_k, is of the form ΔN.

Now Δ_i ≠ δ_θ(A, B), else by Note 35(ii), Δ would have no descendant in M_{i+1}, contradicting the fact that it is contracted in σ.

So by induction, δ_θ(A, B) has a unique, preprincipal descendant, which must be of the form δ_θ(A', B'). But then A_k' = Δ'N', where Δ' is the unique descendant of Δ, and furthermore pp_σ(Δ').


Note 54

(i) By Lemma 53, every preprincipal subterm contracts exactly once in σ. Thus the Δ' and A_k of Definition 52(ii) are unique.

(ii) By (i), we conclude that if Δ_1 and Δ_2 are distinct, preprincipal subterms of M_i, then either Δ_1 ⊆ Δ_2 or Δ_2 ⊆ Δ_1.

Definition 55 Suppose σ is a reduction path,

$$\sigma : M_1 \xrightarrow{\Delta_1} M_2 \xrightarrow{\Delta_2} \cdots.$$

(i) We define the principal redex pr_σ(M_i) to be the innermost preprincipal subterm of M_i. By Note 54(ii), this is well defined.

(ii) We say σ is a standard reduction if for all i, Δ_i = pr_σ(M_i).

The following theorem is the main result of this appendix.

Theorem 56 (Standardization) If M ↠ N is a finite reduction in a PCF-like rewrite system, then there is a standard reduction from M to N.

C.6 Path-reduction

This section gives our proof of Standardization. It is based on a proof in [23] for the pure λ-calculus, which introduced a sort of meta-reduction: a reduction relation on reduction paths. This path-reduction rewrites non-standard reductions into "more standard" reductions. The following results motivate the definition of path-reduction.

Lemma 57 Let σ be a reduction path, and let Δ = pr_σ(M_i). If Δ_i ≠ Δ, then Δ has a unique descendant Δ' ⊆ M_{i+1}, and Δ' = pr_σ(M_{i+1}).

Proof: Lemma 53 proves uniqueness. To show Δ' = pr_σ(M_{i+1}), by the definition of pr_σ and Lemma 53 it suffices to note the following: if Δ_1 ⊆ Δ_2 ⊆ M have unique descendants Δ_1', Δ_2' ⊆ M', where M → M', then Δ_1' ⊆ Δ_2'. ■

Corollary 58 Suppose σ is a reduction path,

$$\sigma : M_1 \xrightarrow{\Delta_1} M_2 \xrightarrow{\Delta_2} \cdots \xrightarrow{\Delta_{n-1}} M_n.$$

Then σ is standard iff there is no j such that Δ_j is the descendant of pr_σ(M_{j-1}).

The corollary suggests a possible way to transform a non-standard reduction into a standard reduction: successively "swap" the contraction of a principal redex with the contraction of a non-principal redex at the previous step. If we reach a reduction in which each principal redex contracts as soon as it becomes principal, we will have found a standard reduction.
Definition 59 Suppose σ is a non-standard reduction, that is, there is some j such that

$$\sigma : \cdots \to M_{j-1} \xrightarrow{\Delta_{j-1}} M_j \xrightarrow{\Delta_j} M_{j+1} \to \cdots$$

where Δ_j is the descendant of Δ_j' = pr_σ(M_{j-1}). The subpath

$$M_{j-1} \xrightarrow{\Delta_{j-1}} M_j \xrightarrow{\Delta_j} M_{j+1}$$

is called the path-redex at step j. Note that Δ_j' and Δ_{j-1} do not overlap, and furthermore, by Lemma 57, Δ_j is the unique descendant of Δ_j'. Therefore by Lemma 41, we can find a sequence

$$M_{j-1} \xrightarrow{\Delta_j'} M_j' \xrightarrow{\Delta_{j-1}'} \cdots \xrightarrow{\Delta_{j-1}'} M_{j+1},$$

where the Δ_{j-1}' are the descendants of Δ_{j-1}. Such a sequence is called a path-contractum. Finally, we define path-reduction: σ →_path^j σ' if σ' is obtained from σ by replacing the path-redex at step j by a corresponding path-contractum. We will drop the index j when convenient.

Clearly, path-reduction preserves initial and final terms, and any path-reduction normal form is a standard reduction. Moreover, the next two lemmas show that path-reduction is strongly normalizing.

Lemma 60 Suppose σ →_path σ', where

$$\sigma : M_1 \to \cdots \to M_{j-1} \xrightarrow{\Delta_{j-1}} M_j \xrightarrow{\Delta_j} M_{j+1} \to \cdots,$$

$$\sigma' : M_1 \to \cdots \to M_{j-1} \xrightarrow{\Delta_j'} M_j' \to \cdots \to M_{j+1} \to \cdots.$$

Then for i ≠ j, the following hold:

(i) If Δ ⊆ M_i is not contracted in σ, then it is not contracted in σ'.

(ii) If Δ ⊆ M_i is contracted in σ and pp_σ(Δ), then Δ is contracted in σ'.

(iii) If Δ ⊆ M_i is preprincipal in σ, then it is preprincipal in σ'.

(iv) pr_σ(M_i) = pr_σ'(M_i).

Proof:

(i) Just note that path-reduction only permutes the order of contraction of subterms; it does not introduce new contractions.

(ii) It is clear that if Δ contracts in σ and does not contract in σ', then Δ is either Δ_{j-1} or one of its ancestors. Thus we only need consider Δ_{j-1}.

If Δ_{j-1} does not contract in σ', then it must be contained in Δ_j'. But Δ_j' is the principal redex of M_{j-1}, that is, the innermost preprincipal subterm of M_{j-1}. So if Δ_{j-1} is not contracted in σ', it is not preprincipal in σ.

(iii) We use induction on how pp_σ(Δ).

1. pp_σ(Δ) because Δ is the leftmost contracted subterm of M_i. By (ii), Δ is contracted in σ', and by (i), it is the leftmost contracted subterm of M_i in σ'. Therefore pp_σ'(Δ).

2. pp_σ(Δ) because pp_σ(δ_θ(A, B)), and the leftmost active critical argument, A_k, is of the form ΔN. By induction, pp_σ'(δ_θ(A, B)), and by (ii), Δ is contracted in σ'. So A_k is active in σ', and by (i), it is the leftmost active critical argument. Therefore pp_σ'(Δ).

(iv) This follows from (i), (iii), and the definition of pr_σ.


Lemma 61 If σ is a finite reduction, then there is no infinite path-reduction starting from σ.

Proof: Consider a path-reduction

$$\sigma = \sigma_1 \xrightarrow{\text{path}} \sigma_2 \xrightarrow{\text{path}} \sigma_3 \xrightarrow{\text{path}} \cdots.$$

It is not hard to see that the reduction could have been carried out in the labelled system; that is, if σ_i' is a labelled reduction such that |σ_i'| = σ_i, and σ_i →_path σ_{i+1}, then there is a labelled reduction σ_{i+1}' such that |σ_{i+1}'| = σ_{i+1} and σ_i' →_path σ_{i+1}'. Thus we can find labelled reductions σ_1', σ_2', … such that |σ_i'| = σ_i, and

$$\sigma_1' \xrightarrow{\text{path}} \sigma_2' \xrightarrow{\text{path}} \sigma_3' \xrightarrow{\text{path}} \cdots.$$

And because labelled reduction is strongly normalizing, and each σ_i' begins with the same term, each σ_i' is finite.

Furthermore, the path-reduction can be thought of as constructing a tree of terms, with each path from root to leaf corresponding to a reduction σ_i'. Each contracted path-redex introduces a branching in the tree. For example, if σ_i →_path^j σ_{i+1}, then the root-to-leaf path corresponding to σ_{i+1} is obtained by branching off of the root-to-leaf path of σ_i at depth j − 1. The situation is depicted in the following figure, where the root of the tree is displayed at the left and the leaves are displayed at the right:

[Figure: a tree of terms rooted at M_1 (left); the branch through M_{j-1} → M_j → ⋯ → M_n is σ_i, and the branch leaving M_{j-1} and ending at M_n is σ_{i+1}.]

By Lemma 60(iv), the tree is a binary tree, and we have just seen that there is no infinite path from the root. Then by König's Lemma, the tree is finite, so the number of different reductions given by the tree must be finite. ■

Proof of Theorem 56 (Standardization): If σ : M ↠ N is a finite reduction in a PCF-like system, we can obtain a standard reduction from M to N just by finding a path-reduction normal form of σ. ■


Note that we have not shown that path-reduction normal forms are unique: that is, if

$$\sigma \xrightarrow{\text{path}} \cdots \xrightarrow{\text{path}} \sigma_1 \quad\text{and}\quad \sigma \xrightarrow{\text{path}} \cdots \xrightarrow{\text{path}} \sigma_2,$$

where σ_1 and σ_2 are normal forms, we are not guaranteed that σ_1 = σ_2. We expect that the property holds, but haven't tried to verify that it does, since it is not needed to prove Standardization.